Comment 1 for bug 1226078

Jeremy Stanley (fungi) wrote : Re: Glance allows user to create images and add other tenants as members

I assume this behavior has been exploitable back at least as far as Essex? When you say well-known, is the choice not to check tenant membership on these operations publicly documented (not just buried in the source code or hinted at in mailing list archives)? Are there scenarios where this could reasonably compromise tenant security or is it simply a means of bypassing resource limits/restrictions? I'm basically trying to work out whether this warrants an advisory, and if so what risks it presents to whom.