The most expensive mistake in my B2B SaaS was exactly one line: `TENANT_ID = "tenant-1"` in config.py. A day and a half of bug hunting showed why a multi-tenant architecture has to be designed in from the first commit. A breakdown of three architectural decisions for a multi-tenant SaaS in a regulated industry: a tenant_id helper, PostgreSQL EXCLUDE USING gist against double-booking, and 152-ФЗ (Russian Federal Law 152-FZ on personal data) as code on FastAPI and SQLAlchemy.
capsule-proxy is a reverse proxy for the Capsule Kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by an owner of the same kind and name. For example, consider two tenants, `solar` and `wind`. Tenant `solar` is owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind` is owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner…
On SRX1500, SRX4100, SRX4200, SRX4600, and SRX5000 Series devices with SPC2/SPC3 that use tenant services on Juniper Networks Junos OS, incorrect default permissions assigned to tenant system administrators allow a tenant system administrator to inadvertently send their network traffic to one or more other tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This…
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional…