Hi guys, I have just launched a business web app built using codeigniter - www.integrityinvoice.com. As this is my first web app and a critical business application I want to be sure that I block any obvious security holes.

1. What are the security issues or better unobvious security holes of web app. in a multi-tenant (multi- users) environment ?

2. I am currently hosting it on a shared hosting business account but intend to move it to a dedicated hosting once I get a handful users. When is the ideal time to move it to a dedicated environment? 100 , 500 users etc given that the app will be used by freelancers and small business owners to manage their invoicing and receipts needs regularly?

3. Due to complexities of sub-domain and limitation of shared hosting environment, I decided to use one database for multi-tenant data architecture, just about every query uses a unique tenant ID, I haven't seen any issues about non-isolation of data, however I have noticed that many enterprise web app use sub-domain. Is there any advantage with it and if so what is your advice on switching in the future without breaking the app?

4. What is your advice on concurrent transactions or queries by different users at the same time given one database?