The initial multi-tenant implementation was simply a way to run multiple
database instances on a single copy of OFBiz - basically a user logs
into a database instance. Other than that, nothing much changed - so the
dangers of someone hacking into a multi-tenant instance of OFBiz is no
different than a single instance.
-Adrian
On 1/28/2012 5:17 PM, Ruth Hoffman wrote:
Hans, Pierre and several others have been kind enough to outline the
OFBiz multi-tenant value proposition.
I appreciate this primarily because I can't even count the number of
times prospective OFBiz users have asked me about it. Now, with this
background information, I feel comfortable articulating the marketing
value proposition.
What I still have great angst about, is the security side of
multi-tenancy. Perhaps someone can clarify or answer this basic question:
What is to stop a hacker or otherwise malicious tenant from writing a
Groovy script (or Java program that is inserted on the classpath when
the system is rebooted) that acts as a "trojan horse"? For example,
how can you stop a savvy tenant from adding a program (or, I could
even see hacking the Mini-lang since all it is - is interpreted XML
statements) that monitors (JVM) memory and captures shopping cart
objects or usernames and passwords of the other tenants?
Really, I'd like to endorse multi-tenant implementations. But I am
still left with this one - very significant - security question.
Anyone care to respond? Am I missing something here?
Regards,
Ruth Hoffman