Hi Azeez, On Thu, Jul 5, 2012 at 8:23 AM, Afkham Azeez <az...@wso2.com> wrote:
> One thing needs to be confirmed. In the rare case of a new tenant being > created with the ID of a deleted tenant, is there any security risk? I > mean, when we delete the old tenant, do we remove all deployment artifacts, > registry entries and so on? If not, there could be a security issue, where > the new tenant can see & download all the artifacts of the old tenant. > > We never reuse the tenantId. And this was implemented to enable automated UI testing only in the branch. IMO, I prefer to keep it like that until we fix the other high priority items. thanks, dimuthu > > On Wed, Jul 4, 2012 at 7:39 PM, Muhammed Shariq <sha...@wso2.com> wrote: > >> Hi, >> >> On Wed, Jul 4, 2012 at 6:49 PM, Afkham Azeez <az...@wso2.com> wrote: >> >>> As for the case of the map filling up, the key & value are very simple >>> string/int. Even millions of entries will result in very low memory >>> consumption. Millions of entries in this map translates to millions of >>> active tenants. There can be only one entry per tenant. So, once again, my >>> suggestion is this map cleaning up is not needed. The cost of doing this is >>> very high & the benefit is very very small. >>> >>> >>> On Wed, Jul 4, 2012 at 6:35 PM, Afkham Azeez <az...@wso2.com> wrote: >>> >>>> Tenant deletion is a very rare usecase. So, we need not complicate >>>> things at this moment. Please note that deleted tenant IDs should not be >>>> reused. So, my suggestion is, don't fix this. >>> >>> >> We are not reusing the tenant id, actually if we try to create a tenant >> with a deleted tenant domain then the new tenant id will be different, but >> since we cannot update the individual maps in the separate services, we >> still get the old tenant id for the newly created tenant. Of course, these >> issue arises only if we delete a tenant and create a tenant with the same >> domain, which is a rare usecase, so may be we can live with it. >> >> Also as Sanjeewa mentioned, this map is heavily used by many components >> so deleting records might cause a performance hit as well. Anyway I wanted >> to bring this up before we freeze the kernel to discuss any possible >> solution ... >> >>> >>>> >>>> On Wed, Jul 4, 2012 at 6:23 PM, Muhammed Shariq <sha...@wso2.com>wrote: >>>> >>>>> Hi folks, >>>>> >>>>> To provide some background, currently in JDBCTenantManager we have two >>>>> maps namely tenantIdDomainMap and tenantDomainIdMap to act as a cache when >>>>> fetching a tenant's id via domain name or vise-versa. Whenever we try to >>>>> obtain the id via domain for example, it first checks if that particular >>>>> domain is present in the tenantDomainIdMap, and if only if its not >>>>> available it checks the DB. >>>>> >>>>> We however never clear these tow maps, so if there is a domain-id >>>>> mapping it exist as long as the server is running. Note that we have these >>>>> maps per Stratos service, meaning AS, ESB, DSS etc maintains its own map >>>>> locally. Previously this was no issue since we didn't have the facility to >>>>> delete a tenant, but when trying to create the tenant deletion patch, I >>>>> came across some issues since we never clear this map. >>>>> >>>>> For example say we have a tenant foo.com with TID - 10. If this >>>>> tenant logs into AS, the locals maps will contain the mapping tenant >>>>> foo.com <=> TID - 10. Next we delete the tenant from Manager and also >>>>> the delete the entry in the locals maps of Manager, but still we have no >>>>> way of clearing the domain <=> ID mapping in AS (or any other service). So >>>>> if we create another tenant foo.com with TID-12 AS will still have >>>>> the old domain-id mapping, which obviously causes issue. >>>>> >>>>> So I am looking for a way to clear these two maps. One suggestion was >>>>> to delete the domain-id mapping when unloading the tenant. For this we >>>>> need >>>>> to add static getter methods for the two maps, not sure if that's a good >>>>> idea, or have a scheduled thread to cleanup the map periodically, or else >>>>> have an overloaded method, getTenantId(String tenantDomain, boolean >>>>> readDB) >>>>> ... ?! >>>>> >>>>> Please suggest what would be the best way to clean up the local >>>>> domain-id mapping ... >>>>> >>>>> -- >>>>> Thanks, >>>>> Shariq. >>>>> Phone: +94 777 202 225 >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Afkham Azeez* >>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>> Member; Apache Software Foundation; http://www.apache.org/ >>>> * <http://www.apache.org/>** >>>> email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 >>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>> twitter: >>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>> * >>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>> * >>>> * >>>> *Lean . Enterprise . Middleware* >>>> >>>> >>> >>> >>> -- >>> *Afkham Azeez* >>> Director of Architecture; WSO2, Inc.; http://wso2.com >>> Member; Apache Software Foundation; http://www.apache.org/ >>> * <http://www.apache.org/>** >>> email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 >>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>> * >>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>> * >>> * >>> *Lean . Enterprise . Middleware* >>> >>> >> >> >> -- >> Thanks, >> Shariq. >> Phone: +94 777 202 225 >> >> > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
