OFBiz OFBiz - Dev

Multi-tenant and rev 1649090

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Adrian Crum-3
Reply | Threaded
Open this post in threaded view
|

Multi-tenant and rev 1649090

Adrian Crum-3
In rev 1649090 I removed references to Delegator and LocalDispatcher.

That commit fixes a serious flaw in multi-tenant installations - which
allowed tenants to view each others data wherever a tree widget was used
(GL for example).


--
Adrian Crum
Sandglass Software
www.sandglass-software.com
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

Re: Multi-tenant and rev 1649090

Jacques Le Roux
Administrator
Thanks Adrian,

Should this not be considered a security issue, and then backported?

Jacques

Le 02/01/2015 20:03, Adrian Crum a écrit :
> In rev 1649090 I removed references to Delegator and LocalDispatcher.
>
> That commit fixes a serious flaw in multi-tenant installations - which allowed tenants to view each others data wherever a tree widget was used (GL
> for example).
>
>
Adrian Crum-3
Reply | Threaded
Open this post in threaded view
|

Re: Multi-tenant and rev 1649090

Adrian Crum-3
I'm finding other problems. I will backport a fix when I am finished
with the trunk.

Adrian Crum
Sandglass Software
www.sandglass-software.com

On 1/3/2015 3:33 AM, Jacques Le Roux wrote:

> Thanks Adrian,
>
> Should this not be considered a security issue, and then backported?
>
> Jacques
>
> Le 02/01/2015 20:03, Adrian Crum a écrit :
>> In rev 1649090 I removed references to Delegator and LocalDispatcher.
>>
>> That commit fixes a serious flaw in multi-tenant installations - which
>> allowed tenants to view each others data wherever a tree widget was
>> used (GL for example).
>>
>>
Free forum by Nabble Edit this page