Re: Multi tenancy : schema vs databases

From: Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Multi tenancy : schema vs databases
Date: 2016-10-02 19:42:04
Message-ID: 20161002194204.hllin3shfgw2qrhm@hermes.hilbert.loc
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Sat, Oct 01, 2016 at 07:21:47PM -0400, Melvin Davidson wrote:

> *I would like to comment on the multiple schema vs databases situation.
> First of all, 1000's of databases is insanity and just asking for trouble.
> Next, 1000's of schemas is a nightmare to maintain. I understand the
> requirement for client data to be "isolated", but in reality, data is never
> really separated. Once it's on the server, any good hacker with a knowledge
> of SQL can find it. So, IMHO, the best solution is to isolate by a client
> ID in the tables of one database. Then make sure you have sufficient and
> correct security on those tables.*

The concern was raised that if tenant data is separated only
by client_id within one and the same table a simple client_id
related error in the app would expose another tenants data.

Would not RLS help in avoiding this sort of thing ? Tie RLS
based row visibility to the logged in user and hand out
different accounts to tenants. That way, the app cannot see
anything beyond what the user types into the application in
terms of credentials. The app can't really do it wrong -- the
user provides credentials and the database provides data
based on those credentials.

Karsten
--
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Devrim Gündüz 2016-10-02 20:04:18 Re: Installing pgAdmin 4 in Oracle Enterprise Linux 7
Previous Message Adrian Klaver 2016-10-02 19:05:29 Re: Installing pgAdmin 4 in Oracle Enterprise Linux 7