NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: peterH on July 08, 2014, 12:22:23 PM

Title: Multi-tenant app (again) - is this safe?
Post by: peterH on July 08, 2014, 12:22:23 PM

Hi all,

I have watched webinars and read about this subject and it looks like setting the owner (this is mssql) in the ProcessLink procedure inside the webhandler is the way to go.

However, I've taken a different approach since I didn't know about this way of doing it when I first needed it way back. In the LoginForm - after validating the user against a global user table which also has the name of the user's db - I issue a {prop:sql} = 'use ' & p_web.GSV('cur_dbnavn'). It's my understanding that this use command will remain in effect for the life of the session and so far that seems to hold true. But after doing all the reading and watching I'm starting to get second thoughts about all this.

Can someone tell me if I'm totally off here? I need some peace of mind.

Peter

Title: Re: Multi-tenant app (again) - is this safe?
Post by: kevin plummer on July 08, 2014, 04:36:15 PM

I can't say 100% your method won't work but I would be VERY surprised if it did. Why? Because everything runs on threads. Setting the SQL DB like you have is like using globals. You need to set the DB owner on the thread in the process link embed. Setting "Use" at login would be overwritten when the next user logs in to a different DB. It would be easy to test (and prove me wrong) - simply use 2 different browsers and log into 2 different DB's. The first login will start using the 2nd login's DB.

Title: Re: Multi-tenant app (again) - is this safe?
Post by: peterH on July 08, 2014, 06:59:29 PM

Hi Kevin,

You're absolutely and 100% right!
I guess I've just been lucky in a low frequent use app. And I had this nagging feeling that something was not right - thus my asking here (before I let in more users).

Thanks for clarifying.
Peter