Hello,
I am using Hibernate with Seam to build a prototype for a multi-tenant application.
Things are working well thanks to the integration of Hibernate filters within Seam.
Now, one drawback in the current set-up is that users can still fetch entities that do not correspond to their tenant filter criteria. This is wanted behaviour as discussed previously in this forum and stated in the book:
Quote:
Retrieval by identifier can’t be restricted with a dynamic data filter. It’s also conceptually wrong: If you know the identifier of an Item, why shouldn’t you be allowed to see it? The solution is to filter the identifiers—that is, not expose identifiers that are restricted in the first place
Filters actually do a good job of not exposing identifiers that are restricted, but what about simply guessing identifiers in requests (e.g. to a Seam HomeObject that will return the entity)? Guessing can be very simple if I look at the parameters that are exposed to me and change them according to common identifier logic... alternatively, brute-force guessing would also expose entities that should be hidden.
So how can access be restricted to objects that fulfil my filter criteria, even if they are accessed "by identifier"?
I've found quite a few discussions on this topic but no real solution for a secure implementation! Any help appreciated!
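
One way to enforce the tenant criterion on by-identifier access, as an added example that is not part of the original post or of Hibernate/Seam: wrap the by-id load in an explicit ownership check and return the same empty result for a missing row and for another tenant's row. `TenantOwned`, `TenantGuard`, `Item` and the tenant names are hypothetical, and an in-memory map stands in for the Hibernate by-id load.

```java
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;

public class TenantGuardExample {
    /** Hypothetical interface: every tenant-scoped entity exposes its owning tenant. */
    interface TenantOwned { String getTenantId(); }

    /** Constructed sample entity. */
    static final class Item implements TenantOwned {
        final long id; final String tenantId; final String name;
        Item(long id, String tenantId, String name) { this.id = id; this.tenantId = tenantId; this.name = name; }
        public String getTenantId() { return tenantId; }
    }

    /** Wraps a by-identifier loader, which the data filter does not cover, with an ownership check. */
    static final class TenantGuard<T extends TenantOwned> {
        private final Function<Serializable, T> loadById;
        private final String currentTenant;

        TenantGuard(Function<Serializable, T> loadById, String currentTenant) {
            this.loadById = Objects.requireNonNull(loadById);
            // Fail closed: a request without a resolved tenant must never reach the loader.
            this.currentTenant = Objects.requireNonNull(currentTenant, "no tenant bound to this request");
        }

        /** Missing rows and foreign-tenant rows are indistinguishable to the caller, so ids cannot be probed. */
        Optional<T> find(Serializable id) {
            T entity = loadById.apply(id);
            if (entity == null || !currentTenant.equals(entity.getTenantId())) {
                return Optional.empty();
            }
            return Optional.of(entity);
        }
    }

    public static void main(String[] args) {
        Map<Serializable, Item> table = new HashMap<>(); // constructed stand-in for the database
        table.put(1L, new Item(1L, "tenant-a", "A's item"));
        table.put(2L, new Item(2L, "tenant-b", "B's item"));

        TenantGuard<Item> guard = new TenantGuard<>(table::get, "tenant-a");
        System.out.println("own row visible:       " + guard.find(1L).isPresent());
        System.out.println("guessed foreign id:    " + guard.find(2L).isPresent());
        System.out.println("non-existent id:       " + guard.find(99L).isPresent());
    }
}
```

In a Hibernate-backed application the loader passed to `TenantGuard` would be the session's by-id lookup, and the current tenant would come from the same place that supplies the filter parameter.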