Is the WHERE-clause leak risk real with acts_as_tenant?

Q&A remark: acts_as_tenant raises an error on any Active Record query against a tenant-scoped model when no tenant is set, so in practice the forgotten-WHERE-clause leak doesn't happen when using Active Record. Speaker agrees: the risk only materialises when the database is accessed by something other than the Rails application (other services, direct SQL) — the caveat is about remembering that the mechanism still hinges on default scopes.

answer_summary
In practice acts_as_tenant raises on missing tenant, so Active Record users are safe. The risk is real when other services or raw SQL hit the database directly.
about
Question is specifically about acts_as_tenant's default behaviour.
asked_at
Asked in Q&A of the talk.