We would like to have security in place to avoid cross environment deletions. For example: Currently it is possible when you have solution A on environment B to delete records from environment A. This can be the case when a backup is restored, or by mistake the wrong cdi_settings.xml is in place.
While opening the settings page an message is shown that the orgname does not match, however plugins or the clickdimensions servers are not checking if the source is indeed valid.
This can cause cross site deletions.
A possible solution can be assuming Clickdimensions is using API's: To check if the calling environment for a given accountcode matches the registered environment. If yes, respect the call, if not drop the call and do not execute.
the plugins can be adjusted to execute the same check as the settingspage.