Hacker News

Masked namespace vulnerability in Temporal

32 points by bmit ago | 4 comments

haneul

Even in a product as technically wonderful as Temporal, we can have relatively simple oversights like this that lead to cross-tenant leakage.

If anyone is more familiar with Temporal, is there a way clients could have had internal defense in depth that guards against tenant leakage at the provider (Temporal) level?

jiggunjer

Don't use namespaces. Wire up multi-tenant at the RBAC level. Need stronger isolation? Run another cluster.

UltraSane

Encrypting tenant data with per-tenant keys is a good defense against this kind of thing.
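
The per-tenant key defense suggested in the comment above, sketched in Go as an added example (not part of the thread and not Temporal's code): each tenant's payload is sealed with its own AES-256-GCM key before it reaches the shared service, so a payload returned to the wrong tenant fails authentication instead of leaking plaintext. `TenantVault`, `AddTenant`, `Seal` and `Open` are hypothetical names, and the in-memory key map stands in for a real key-management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// TenantVault maps tenant ID -> AES-256 key (hypothetical; real keys belong in a KMS).
type TenantVault map[string][]byte

// AddTenant generates a fresh random key for one tenant.
func (v TenantVault) AddTenant(tenant string) error {
	v[tenant] = make([]byte, 32)
	_, err := rand.Read(v[tenant])
	return err
}

func (v TenantVault) aead(tenant string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(v[tenant]) // unknown tenant: nil key, so an error
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under the tenant's key and binds the tenant ID as associated data.
func (v TenantVault) Seal(tenant string, payload []byte) ([]byte, error) {
	gcm, err := v.aead(tenant)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, payload, []byte(tenant)), nil // nonce || ciphertext || tag
}

// Open decrypts as the requesting tenant; another tenant's blob fails the GCM tag check.
func (v TenantVault) Open(tenant string, blob []byte) ([]byte, error) {
	gcm, err := v.aead(tenant)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("no key for tenant or truncated blob")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, blob[:n], blob[n:], []byte(tenant))
}
```

The isolation holds only if the keys are held by the client and never by the shared service; metadata left unencrypted for routing or search remains exposed to a namespace mix-up.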

bdj108

Things like this are inevitable, especially these days.