Collaborate Disseminate
That is, is it generally considered more secure to save a single application-wide private key on the web server compared to storing (protected/encrypted) private keys in the database?
More specifically, would storing multiple copies of th… Continue reading Does a shared (but encrypted) private key for a group of users reduce the effectiveness of the encryption?
Consider a multi-tenant SaaS application that uses domain names to identify which customer to serve. Customers access the application using client001.ourdomain.com, client002.ourdomain.com, etc. The code base is shared among … Continue reading Security concerns over predictable URLs in a multi-tenant environment
The meta question here is that I’m trying to understand the risks to multitenant java applications from gadget chains.
For example, we’re all familiar with the deserialization gadget that allows the creation of arbitrary jav… Continue reading Is it reasonably possible to enable vulnerabilities via gadget chains?
I’m creating a file sharing system, in which the unique key of a file is one of the critical components to the retrieval of that file.
For simplicity, lets say the unique keys are the file names.
I’d like to keep these filena… Continue reading Sharing individually encrypted elements between users of a system
I’m creating a file sharing system, in which the unique key of a file is one of the critical components to the retrieval of that file.
For simplicity, lets say the unique keys are the file names.
I’d like to keep these filena… Continue reading Sharing individually encrypted elements between users of a system
First thing: let’s put aside the debate on whether JWT should be used for managing sessions, I’m already aware of it and (at least some of) its limitations (invalidation, automatic prolongation of expiration, etc.) 😉
Imag… Continue reading Role-based and multitenant authorisation via JWT?
We have given customers the option to allow custom domains which ultimately point to our server by changing the CNAME.
Some of our customers would like to have SSL enabled to their domain but I am wondering how to manage ce… Continue reading Manage SSL certificates for a multi-tenant website
We have started to develop a multi-tenancy product.
The product will be deployed in the cloud.
Should we encrypt the product data?
Should the data for each tenant be encrypted using its own key?
Added
Each tenant stores the… Continue reading Should we encrypt data in a multi-tenancy product in the cloud?
Is there a security risk of using same firewall hardware as the company perimeter firewall device (providing multi-tenancy) which is already shared by other companies? Is there a possibility of being affected our firewall ten… Continue reading Security risks of multitenancy
I’m working at an EU-based company and we’d like to offer business customers some kind of OS-independent cloud-based SaaS platform for processing and storing sensitive (health) data. We’d like to implement our software on the Google Cloud … Continue reading How to manage customer-supplied encryption keys in a multi-tenant cloud SaaS?