|
|
|
|
|
|
by kevincox
2116 days ago
|
|
|
If you are running a copy of the same software for each tenant anyways it doesn't matter much as a SQL injection for one tenant is most likely available on all tenants. I think for this use case security is focused on accidentally returning the wrong tenant's data (fully or partially) |
|
|
Yes, but typically not across tenants. Maybe the flaw is only exploitable to admins of each tenant and they shouldn’t see other tenants data.
I.e. https://news.ycombinator.com/item?id=24216009