Joshua J. Kugler wrote:
> Murdoc wrote:
>
>>Hi all,
>>
>>Our company is about to embark on rewriting our entire application to be
>>truly client/server based, and bring the UI up to .NET. One of the
>>additional services that our CEO wants to provide is the hosting of the
>>software ourselves (to save our smaller clients the licensing costs of the
>>database server software, etc).
>>
>>However, the proposed solution to this is to simply have a single database
>>with every client's data in it, and add a 'client-code'/'client-id' field
>>to EVERY single table in the database.
>>
>>Now, to me this seems to be a seriously flawed method of doing it, when a
>>much simpler option (one database per client) is available.
>>
>>What are your thoughts, and how do other companies provide a similar
>>service?
>
> How is security laid out? Is it table or row based permissions? If it is
> table based permissions, a user could log in with another client for your
> SQL server and issue queries on data that does not belong to them. I would
> *highly* recommend doing one database per customer. Security (in my mind,
> anyway) will be greatly simplified.

Is the security function in SQL Server really that bad?
Received on Mon Nov 20 2006 - 18:57:49 CST
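
The table-versus-row permission distinction raised in the quoted reply, as an added T-SQL example that is not part of the original thread. The table, view and user names are constructed for illustration, and the per-user tenant mapping table is an assumed design, not something the posters describe.

```sql
-- Constructed shared-database schema: every row carries a client_id.
CREATE TABLE dbo.Invoices (
    invoice_id INT PRIMARY KEY,
    client_id  INT NOT NULL,
    amount     DECIMAL(10,2) NOT NULL
);
-- Hypothetical mapping from database user to the tenant it belongs to.
CREATE TABLE dbo.ClientUsers (
    user_name SYSNAME PRIMARY KEY,
    client_id INT NOT NULL
);
INSERT INTO dbo.Invoices VALUES (1, 100, 250.00);
INSERT INTO dbo.Invoices VALUES (2, 200, 975.50);

CREATE USER acme_user   WITHOUT LOGIN;   -- tenant 100 (constructed)
CREATE USER globex_user WITHOUT LOGIN;   -- tenant 200 (constructed)
INSERT INTO dbo.ClientUsers VALUES ('acme_user', 100);
INSERT INTO dbo.ClientUsers VALUES ('globex_user', 200);
GO

-- Table-level permission: the grant is not row-aware, so client_id is
-- only a column the application is trusted to filter on. A tenant that
-- connects with its own query tool can read every tenant's invoices.
GRANT SELECT ON dbo.Invoices TO acme_user;
EXECUTE AS USER = 'acme_user';
SELECT invoice_id, client_id, amount FROM dbo.Invoices;
REVERT;
REVOKE SELECT ON dbo.Invoices FROM acme_user;
GO

-- Row-scoped access: the view filters on the caller's identity, and it
-- is the only object tenants are granted. Both objects are owned by dbo,
-- so ownership chaining lets the view read the base tables.
CREATE VIEW dbo.MyInvoices AS
SELECT i.invoice_id, i.amount
FROM dbo.Invoices AS i
JOIN dbo.ClientUsers AS cu ON cu.client_id = i.client_id
WHERE cu.user_name = USER_NAME();
GO
GRANT SELECT ON dbo.MyInvoices TO acme_user;
GRANT SELECT ON dbo.MyInvoices TO globex_user;

-- The same tenant is now limited to its own rows through the view and
-- holds no permission on dbo.Invoices itself.
EXECUTE AS USER = 'acme_user';
SELECT invoice_id, amount FROM dbo.MyInvoices;
REVERT;
```

With one database per client, as the quoted reply recommends, the boundary is the database itself and no per-table view or mapping has to be kept correct.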