Topic: Opinions on best way to implement hosted application?

I am currently designing a hosted application and haven't been able to find much information about different ways to implement this. So far I have been designing it as a single code installation with a single database, having everything linked to a accounts table in the database, with some plugins to select the proper account id based on the URL.

However, I've found this to be more difficult than I had imagined to design, and I worry about both scalability and security. The size of the database could affect the response times of all customers, regardless of how much data each one has. As far as security, a compromise of any part of the code where things are scoped to an account could lead to users being able to read or write to data which is not theirs.

I am considering separate databases or even separate code bases entirely, but for those I question how easy they would be to maintain. However, the trade off is simpler design and code, separation of data for each account (better speed, easier backups, and an extra layer of security).

Right now I am comparing the following ways to implement this system:

1. Single code installation and database. All database queries are scoped to the account which is found through the domain/subdomain requested.

2. Single code installation, multiple databases. Database is selected by getting the account information out of a master database and then selecting the appropriate MySQL database for the account. Database changes would have to be done to n number of separate schemas.

3. Multiple code installations and databases.


Anyone have opinions about this or experience/examples of existing implementations?

Thanks!

Last edited by heyaz (2007-06-14 19:56:20)

Re: Opinions on best way to implement hosted application?

There are very few sites (if any) that fit the requirements of a separate database for each account. Unless your site fits in that minority because of its extreme security/performance requirements, it isn't a good way to go. You can build very high performance and secure sites without this approach. Basecamp is a perfect example of this (it just uses one database, not a separate one for each account).

Railscasts - Free Ruby on Rails Screencasts