Re: Database Hosting

From: Bob Badour <bbadour_at_pei.sympatico.ca>
Date: Tue, 21 Nov 2006 00:57:49 GMT
Message-ID: <has8h.22827$cz.347584_at_ursa-nb00s0.nbnet.nb.ca>


Joshua J. Kugler wrote:

> Murdoc wrote:
> 
> 

>>Hi all,
>>
>>Our company is about to embark on rewriting our entire application to be
>>truly client/server based, and bring the UI up to .NET. One of the
>>additional services that our CEO wants to provide is the hosting of the
>>software ourselves (to save our smaller clients the licensing costs of the
>>database server software, etc).
>>
>>However, the proposed solution to this is to simply have a single database
>>with every client's data in it, and add a 'client-code'/'client-id' field
>>to EVERY single table in the database.
>>
>>Now, to me this seems to be a seriously flawed method of doing it, when a
>>much simpler option (one database per client) is available.
>>
>>What are your thoughts, and how do other companies provide a similar
>>service?
> 
> How is security laid out?  Is it table or row based permissions?  If it is
> table based permissions, a user could log in with another client for your
> SQL server and issue queries on data that does not belong to them.  I would
> *highly* recommend doing one database per customer.  Security (in my mind,
> anyway) will be greatly simplified.

Is the security function in SQL Server really that bad? Received on Tue Nov 21 2006 - 01:57:49 CET

Original text of this message