tags:

views:

84

answers:

2
+1  Q: 

Custom CMS with multiple users. Best practices

Hi,

I'm currently developing a web application for a particular niche. The point is that users can create an account, manage specific data and use that data on their website through API calls. So it's actually some sort of WordPress CMS but without the front end functionality. It is also not open source.

So in short, user can manage their data and use it on another remote website through an API.

My question:

Should I create an empty database for each new account or should link each record with a unique ID for that account?

Which of the two is the most common way, which one is the most secure and which one requires the least maintenance?

+1  A: 

Usually it's a bad idea to start duplicating databases. As your system changes, you'll have to apply patches to all of the different databases so that they work with the code changes. This can be tricky. A much simpler solution is to just keep everything in a single database. Any data that is user-specific should have an identifier (such as UserID) so you know which user it belongs to.

The only case I can think were creating a new instance of the database makes sense is where the instances of the database will run on physically separate machines, for different clients.

FrustratedWithFormsDesigner  2010-08-12 13:41:05
Just like I thought. Can it be a security issue? eg: there are a thousand accounts and one hacker. When a hacker manages to alter the database -> a thousand websites will be broken. When I use the other method (multiple databases) I don't have that problem.
Bundy  2010-08-12 16:03:11
@Bundy: True, but if it's a technical exploit (versus a social one such as conning someone into giving up a password), they will all be vulnerable in the same way, especially if they are on the same physical machine. It might protect the other accounts a little bit, but it's hard to say how much. Is it worth the extra maintenance of *n* duplicated systems?
FrustratedWithFormsDesigner  2010-08-12 16:13:14
A: 

i think that depends on what the site will do.

if it serves separate business, like what is provided by sourceforge, which is targeting a group of users's business, then separate your user tables or even dbs, or have some procurement process is necessary

if you are targeting your site to individual users it's easier to go with records of users

Andy Lin  2010-08-12 13:42:20

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL