NetTalk Central

Author Topic: Multi-tenant app (again) - is this safe?  (Read 3307 times)

peterH

Multi-tenant app (again) - is this safe?
« on: July 08, 2014, 12:22:23 PM »
Hi all,

I have watched webinars and read about this subject and it looks like setting the owner (this is mssql) in the ProcessLink procedure inside the webhandler is the way to go.

However, I've taken a different approach since I didn't know about this way of doing it when I first needed it way back. In the LoginForm - after validating the user against a global user table which also has the name of the user's db - I issue a {prop:sql} = 'use ' & p_web.GSV('cur_dbnavn'). It's my understanding that this use command will remain in effect for the life of the session and so far that seems to hold true. But after doing all the reading and watching I'm starting to get second thoughts about all this.

Can someone tell me if I'm totally off here? I need some peace of mind.

Peter

kevin plummer

Re: Multi-tenant app (again) - is this safe?
« Reply #1 on: July 08, 2014, 04:36:15 PM »
I can't say 100% your method won't work but I would be VERY surprised if it did. Why? Because everything runs on threads. Setting the SQL DB like you have is like using globals. You need to set the DB owner on the thread in the process link embed. Setting "Use" at login would be overwritten when the next user logs in to a different DB. It would be easy to test (and prove me wrong) - simply use 2 different browsers and log into 2 different DBs. The first login will start using the 2nd login's DB.
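
The two-browser test described in the reply above, as an added sequential model that is not part of the original posts and is not NetTalk or Clarion code. It assumes one connection shared by all sessions; `SharedConnection`, the tenant names and the sample rows are constructed for illustration, and SQLite attached databases stand in for the MSSQL databases.

```python
import sqlite3

# Constructed sample data: two tenant databases with the same schema.
TENANTS = {"tenant_a": "Acme invoice", "tenant_b": "Globex invoice"}


class SharedConnection:
    """Hypothetical stand-in for one SQL connection reused by all web sessions."""

    def __init__(self):
        # Autocommit, because SQLite refuses ATTACH inside an open transaction.
        self.db = sqlite3.connect(":memory:", isolation_level=None)
        for name, row in TENANTS.items():
            self.db.execute(f"ATTACH DATABASE ':memory:' AS {name}")
            self.db.execute(f"CREATE TABLE {name}.invoices (descr TEXT)")
            self.db.execute(f"INSERT INTO {name}.invoices VALUES (?)", (row,))
        self.current = None  # connection-level state, like the database set by USE

    def use(self, name):
        if name not in TENANTS:  # allow-list: the name ends up in SQL text
            raise ValueError(f"unknown tenant database: {name!r}")
        self.current = name

    def invoices(self):
        rows = self.db.execute(f"SELECT descr FROM {self.current}.invoices")
        return [r[0] for r in rows]


def use_at_login(conn, sessions):
    """Pattern from the question: USE once per login, later requests rely on it."""
    for tenant in sessions.values():  # logins happen in this order
        conn.use(tenant)
    return {sid: conn.invoices() for sid in sessions}  # then each session requests


def use_per_request(conn, sessions):
    """Pattern from the reply: pick the database from session data on every request."""
    result = {}
    for sid, tenant in sessions.items():
        conn.use(tenant)  # set from this session's own value before any query
        result[sid] = conn.invoices()
    return result


if __name__ == "__main__":
    sessions = {"browser_1": "tenant_a", "browser_2": "tenant_b"}  # constructed
    print(use_at_login(SharedConnection(), sessions))
    print(use_per_request(SharedConnection(), sessions))
```

With the login-time pattern, `browser_1` reads the rows of `tenant_b` as soon as the second login has run; the per-request pattern keeps each session on its own database.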

peterH

Re: Multi-tenant app (again) - is this safe?
« Reply #2 on: July 08, 2014, 06:59:29 PM »
Hi Kevin,

You're absolutely and 100% right!
I guess I've just been lucky in a low-frequency-use app. And I had this nagging feeling that something was not right - thus my asking here (before I let in more users).

Thanks for clarifying.
Peter