2 comments

[ 2.6 ms ] story [ 8.8 ms ] thread
Even in a product as technically wonderful as Temporal, we can have relatively simple oversights like this that lead to cross tenant leakage.

If anyone is more familiar with Temporal, is there a way clients could have had internal defense in depth that guards against tenant leakage at the provider (Temporal) level?

Encrypting tenant data with per tenant keys is a good defense against this kind of thing.