
Thread: Security and performance issues of web app. in a multi-tenant (multi-user) environment

  1. #1
    Join Date
    Feb 2012

    Security and performance issues of web app. in a multi-tenant (multi-user) environment

    Hi guys, I have just launched a business web app built using CodeIgniter - www.integrityinvoice.com. As this is my first web app and a critical business application, I want to be sure that I block any obvious security holes.

    1. What are the security issues, or rather the non-obvious security holes, of a web app in a multi-tenant (multi-user) environment?

    2. I am currently hosting it on a shared hosting business account but intend to move it to dedicated hosting once I get a handful of users. When is the ideal time to move it to a dedicated environment? 100, 500 users, etc., given that the app will be used by freelancers and small business owners to manage their invoicing and receipts needs regularly?

    3. Due to the complexities of sub-domains and the limitations of a shared hosting environment, I decided to use one database for the multi-tenant data architecture; just about every query uses a unique tenant ID. I haven't seen any issues with non-isolation of data; however, I have noticed that many enterprise web apps use sub-domains. Is there any advantage to this, and if so, what is your advice on switching in the future without breaking the app?

    4. What is your advice on concurrent transactions or queries by different users at the same time, given one database?


  2. #2
    Join Date
    Feb 2012

    1. This is one of the better 'short lists' for web developers that also includes sections about security.

    2. It's always good to move to final/live environment as early as possible. There are always complications when changing the environment and it is better to deal with them early rather than later.

    3. I don't understand the question, are you asking if you should have separate databases for different parts of the system? Or are you talking about tables?

    4. Use transactions if possible, especially when there might be some error half-way through and you need to reverse the decision. For example, if a user creates a new invoice and at the same time creates a new recipient, your program might create one object but not save the other due to an error. In this case it's better to reverse the decision. But if the system is rather straightforward then you should not worry about that too much.

  3. #3
    Join Date
    Jul 2010
    1. Your security is entirely dependent on the system administrator. This is a perfect question to ask them. In the meantime, I found this list to be very very very informative and insightful: http://www.viper-7.com/articles/tips/ as it isn't only dependent on your system admin. Before even considering what security measures they have in place, it would be wise to at least harden your application. This is something they can't do for you, and it must be done.

    2. Money is involved. The sooner the better IMO.

    3. I think you're looking for a problem to solve with subdomains. I don't see how this is relevant.

    4. I don't see any issue with concurrent transactions in this scenario. This is a very in-depth question and it depends almost entirely on what is going on with the transaction. Just remember, if it rolls back you can always try again.
    I use (, ; : -) as I please- instead of learning the English language specification: I decided to learn Scheme and Java;
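Questions 3 and 4 above, together with the advice on transactions in replies #2 and #3, as an added example (not code from the thread or from integrityinvoice.com): a tenant-scoped data-access wrapper in Python with sqlite3, showing that every query, including a lookup by primary key, carries the tenant predicate, and that creating an invoice together with its recipient either fully commits or fully rolls back. The schema, table names and sample values are constructed for this example.

```python
import sqlite3
# Constructed schema for the invoicing example: every tenant-owned row carries tenant_id.
SCHEMA = """
CREATE TABLE tenant (id INTEGER PRIMARY KEY);
CREATE TABLE recipient (id INTEGER PRIMARY KEY,
    tenant_id INTEGER NOT NULL REFERENCES tenant(id), name TEXT NOT NULL);
CREATE TABLE invoice (id INTEGER PRIMARY KEY,
    tenant_id INTEGER NOT NULL REFERENCES tenant(id),
    recipient_id INTEGER NOT NULL REFERENCES recipient(id),
    amount_cents INTEGER NOT NULL CHECK (amount_cents > 0));
INSERT INTO tenant (id) VALUES (1), (2);
"""

class TenantDB:
    """Data access for one tenant; tenant_id comes from the authenticated session,
    never from the request, and this wrapper adds it to every statement."""
    def __init__(self, conn, tenant_id):
        self.conn, self.tenant_id = conn, tenant_id

    def invoice(self, invoice_id):
        # Filtering by primary key alone would let a guessed id read another tenant's
        # row, so the tenant predicate is mandatory even when the id is known.
        return self.conn.execute(
            "SELECT id, recipient_id, amount_cents FROM invoice "
            "WHERE id = ? AND tenant_id = ?", (invoice_id, self.tenant_id)).fetchone()

    def create_invoice_with_recipient(self, name, amount_cents):
        # Both inserts run in one transaction: sqlite3's connection context manager
        # commits on success and rolls back if either statement raises.
        try:
            with self.conn:
                rid = self.conn.execute(
                    "INSERT INTO recipient (tenant_id, name) VALUES (?, ?)",
                    (self.tenant_id, name)).lastrowid
                return self.conn.execute(
                    "INSERT INTO invoice (tenant_id, recipient_id, amount_cents) "
                    "VALUES (?, ?, ?)", (self.tenant_id, rid, amount_cents)).lastrowid
        except sqlite3.IntegrityError:
            return None  # nothing was written, so the caller can simply retry

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    a, b = TenantDB(conn, 1), TenantDB(conn, 2)
    inv = a.create_invoice_with_recipient("Acme Ltd", 12000)
    failed = b.create_invoice_with_recipient("Orphan Co", 0)  # amount violates CHECK
    orphans = conn.execute("SELECT COUNT(*) FROM recipient WHERE tenant_id = 2").fetchone()[0]
    return {"tenant1_sees": a.invoice(inv) is not None, "tenant2_sees": b.invoice(inv) is not None,
            "failed_insert": failed, "orphan_recipients": orphans}
```

Tenant 2 gets no row back for tenant 1's invoice even though it passes a valid id, and the failed invoice insert leaves no orphan recipient behind because the whole transaction was rolled back.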

  4. #4
    Join Date
    Aug 2004
    As far as PHP security goes, a fairly short read: Essential PHP Security by Chris Shiflett.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  5. #5
    Join Date
    Feb 2012

    Thank you guys

    Just want to say thank you for your inputs on this thread.
