[DUG] Multi client website

Gary T. Benner gary at benner.co.nz
Mon Aug 1 20:35:43 NZST 2016



Hi John,

You got it, but you may have to load a bit of tenant data in the $_SESSION array to optimise performance. Not css - that can be either hardcoded files or stored in the DB.

The big issue with multi-tenanted sites is to have double security to ensure no "cross contamination" of data, through some error situation occurring, and we all know that ALL of our code is super secure, right!

Think of the accommodation / building equivalent - these buildings need special firewall construction, sound isolation between the different living areas, for safety and comfort. The same applies to different clients with data stored in the same DB and web app.

The isolation of a separate DB and web app / domain provides the same type of isolation as we get by living in different houses in our own quarter acre property.

Depending on the nature of the application, you may wish to entertain the use of SSL (https), and ensure that each page has code to doubly check the visitor and their rights to use the resources available. Me paranoid? Well yes, and you must be in such situations.

BTW, in secure (financial) applications I implement three tier server architectures with an internal web services environment with separate Virtual Servers firewalled with all management access available only through an internal network which is accessible only through an alternate VPN.

HTH

Gary
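
The per-page double check described in the reply above, as an added example that is not part of the original message or any poster's code: the tenant is resolved from the request host, cross-checked against the tenant stored in the session at login, and every query is scoped by tenant as well. The host names, table layout and function names are hypothetical, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical tenant registry: sub-domain => tenant id (constructed sample data).
const TENANTS = ['acme.example.test' => 1, 'globex.example.test' => 2];

// Check 1: the tenant comes from the Host header via an allow-list, never from
// a cookie or request parameter that the visitor controls.
function tenantFromHost(string $host): int
{
    $host = strtolower(explode(':', $host)[0]);   // drop any :port suffix
    if (!array_key_exists($host, TENANTS)) {
        throw new RuntimeException('Unknown tenant host');
    }
    return TENANTS[$host];
}

// Check 2: the logged-in session must have been issued for this same tenant.
function requireTenantSession(array $session, int $tenantId): int
{
    if (!isset($session['user_id'], $session['tenant_id'])
        || $session['tenant_id'] !== $tenantId) {
        throw new RuntimeException('Session does not belong to this tenant');
    }
    return $session['user_id'];
}

// Check 3: every query is scoped by tenant_id as well as by the record id.
function fetchInvoice(PDO $db, int $tenantId, int $invoiceId): ?array
{
    $stmt = $db->prepare('SELECT id, total FROM invoices WHERE id = ? AND tenant_id = ?');
    $stmt->execute([$invoiceId, $tenantId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo: two tenants share one table in an in-memory SQLite DB.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, tenant_id INTEGER, total REAL)');
$db->exec('INSERT INTO invoices VALUES (10, 1, 99.5), (11, 2, 12.0)');

$session = ['user_id' => 7, 'tenant_id' => 1];    // what login would store in $_SESSION
$tenant  = tenantFromHost('acme.example.test');   // normally $_SERVER['HTTP_HOST']
requireTenantSession($session, $tenant);
var_dump(fetchInvoice($db, $tenant, 10));         // tenant 1 asking for its own invoice
var_dump(fetchInvoice($db, $tenant, 11));         // tenant 1 asking for tenant 2's invoice
```

Because the query carries the tenant id itself, a missed check higher up the page still cannot return another client's row.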



At 22:11 on 31/07/2016 you wrote
>To: gary at benner.co.nz
>From: John C, jc at sunshinesoftware.co.nz
>
>Hi Gary
>
>Are you referring to any specific inbuilt Session features or just the
>standard kind of $_SESSION['abc'] ?
>
>John
>
>From: Gary T. Benner [mailto:gary at benner.co.nz]
>Sent: Sunday, July 31, 2016 7:18 PM
>To: jc at sunshinesoftware.co.nz
>Cc: delphi at listserver.123.net.nz
>Subject: RE: [DUG] Multi client website
>
>Hi John et alia,
>
>Irrespective of what development environment, Delphi and variants, PHP or
>ASP, the most common method is to maintain "session data" which is managed
>using a cookie (which identifies the browser to the server) or a hidden set
>of data fields which are passed back and forth for each request / response
>to the webserver.
>
>In a multi-tenanted website, as I understand it, you need to be doubly
>careful to ensure that data is never mixed up - very embarrassing otherwise.
>
>In PHP & ASP there are inbuilt Session features which make this a breeze -
>however you will still need to put in additional layers to manage multiple
>"tenants", and cross checks to ensure only logged in users get to see their
>own data and nothing else.
>
>Good luck.
>
>cheers
>
>Gary
>
>At 13:43 on 31/07/2016 you wrote
>>Hi all
>>
>>I have a website that will be available to the public but specific for more
>>than one client. The framework of the website will be the same for each
>>client but their images and CSS file will be different (making it look
>>different).
>>
>>The plan is to have a sub-domain for each client from where it will jump to
>>the "common" pages on the main domain. The index file on each sub.domain
>>identifies the client and therefore defines the directory path to use for the
>>images and the CSS file.
>>
>>I was thinking of doing this with cookies for the paths to be used in the
>>main program, but I'm not sure it would be a good plan and if that will work
>>properly (setting a cookie from within a sub.domain to be used in the main
>>domain).
>>
>>Any ideas or suggestions of how to do this?
>>
>>Thanks a lot in advance
>>
>>John C