Re: Database Hosting
Date: Tue, 21 Nov 2006 00:57:49 GMT
Message-ID: <has8h.22827$cz.347584_at_ursa-nb00s0.nbnet.nb.ca>
Joshua J. Kugler wrote:
> Murdoc wrote:
>
>
>>Hi all,
>>
>>Our company is about to embark on rewriting our entire application to be
>>truly client/server based, and bring the UI up to .NET. One of the
>>additional services that our CEO wants to provide is the hosting of the
>>software ourselves (to save our smaller clients the licensing costs of the
>>database server software, etc).
>>
>>However, the proposed solution to this is to simply have a single database
>>with every client's data in it, and add a 'client-code'/'client-id' field
>>to EVERY single table in the database.
>>
>>Now, to me this seems to be a seriously flawed method of doing it, when a
>>much simpler option (one database per client) is available.
>>
>>What are your thoughts, and how do other companies provide a similar
>>service?
> > How is security laid out? Is it table or row based permissions? If it is > table based permissions, a user could log in with another client for your > SQL server and issue queries on data that does not belong to them. I would > *highly* recommend doing one database per customer. Security (in my mind, > anyway) will be greatly simplified.
Is the security function in SQL Server really that bad? Received on Tue Nov 21 2006 - 01:57:49 CET