Skip to first unread message
Nicolas Micoud
Mar 26, 2015, 6:53:48 AM3/26/15
to idem...@googlegroups.com
Hi,
In an instance which has several tenants and where users logs in using the LDAPuser field, it is possible to have duplication of username/password.
That could lead to security breach : it is possible that 2 John Smith work in 2 tenants (username will be "jsmith"). And if they use the same password, they will be able to log in the 2 companies.
My idea is to force (using a new field in AD_Client or a SysConfig) a prefix.
For instance, all LDAPUser would start with "gw_" at GardenWorld. If this value is unique, that will fix the issue.
Should I upload a patch ?
WDYT ?
Thanks
Nicolas
Reply all
Reply to author
Forward
0 new messages