Multi-tenancy with WASP and Postgres?

Hello all! I'm testing out this awesome template, and was wondering if WASP is good for multi-tenancy? I'm assuming I may just need to create separate databases for new clients. Has anyone done this before with success and was it secure?
5 Replies
matijash · 4mo ago
Hey @Trini Man , that sounds about right! You could basically just deploy your app multiple times, each time with a different database. What exactly do you need to do? Re security, Wasp compiles to React & Node, so it is the same as if you built your app with it and deployed it.
Trini Man · 4mo ago
Awesome, I was thinking of editing the code to generate a new DB per new user (customer). This way my admin dashboard could calculate all the profits in one place. This may take me a while. Your strategy is faster.
martinsos · 4mo ago
@Trini Man , why would you want to have a new DB per new customer though, why not have them all share the same DB? Are there any specific regulations stopping you from doing so? Because the typical approach is to have a single database and data from many users in it -> your server ensures everybody can access only their own data. That is industry standard, and more complicated solutions are used only when you have some special regulations, or are maybe deploying on prem or something.
Trini Man · 4mo ago
I guess I’m used to SQL injection testing and I have seen what a well placed SQL code in the URL can do. And depending on the data the hacker may want, they will have access to all my customers (subscribers/users).
martinsos · 4mo ago
Got it -> hopefully this is something that your app would take care of, by following typical security practices like sanitizing user input, but I understand that this gives some extra assurance since all the data is not in the same database. I am guessing then that you have a smaller number of these customers, like a couple of them. What is difficult with this approach is that you have to maintain multiple deployments of your app, but if in your case that is worth the tradeoff, then sure, it might make sense!
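
Added example, not part of the thread and not Wasp's own code: the shared-database approach discussed above, where the server scopes every query to the caller's tenant, shown as a concatenated query beside a parameterized one. The `subscriptions` table, its columns, the `session.tenantId` field and the function names are assumptions, and the query object is in the `{ text, values }` shape that node-postgres accepts.

```javascript
// Added example; table, column and session names are assumptions.
const FILTERABLE = new Set(["status", "plan"]); // columns a client may filter on

// Constructed hostile value, as it might arrive in a URL query string.
const HOSTILE_STATUS = "active' OR '1'='1";

// Before: request input is concatenated into the SQL text. With HOSTILE_STATUS
// the WHERE clause becomes (tenant_id = 7 AND status = 'active') OR '1'='1',
// which is true for every tenant's rows.
function unsafeQuery(tenantId, status) {
  return "SELECT id, status, plan FROM subscriptions " +
    `WHERE tenant_id = ${tenantId} AND status = '${status}'`;
}

// After: returns { text, values } in the shape node-postgres accepts.
// The tenant id is taken only from the authenticated session, never from the
// request, and every request value travels as a bound parameter.
function tenantQuery(session, filters = {}) {
  if (!session || !Number.isInteger(session.tenantId)) {
    throw new Error("no authenticated tenant");
  }
  const clauses = ["tenant_id = $1"];
  const values = [session.tenantId];
  for (const [column, value] of Object.entries(filters)) {
    // Column names cannot be bound as parameters, so they must come from a
    // fixed allowlist; tenant_id is deliberately not on it.
    if (!FILTERABLE.has(column)) throw new Error(`filter not allowed: ${column}`);
    if (typeof value !== "string") throw new Error(`bad value for ${column}`);
    values.push(value);
    clauses.push(`${column} = $${values.length}`);
  }
  const text = "SELECT id, status, plan FROM subscriptions WHERE " +
    clauses.join(" AND ");
  return { text, values };
}

console.log(unsafeQuery(7, HOSTILE_STATUS));
console.log(tenantQuery({ tenantId: 7 }, { status: HOSTILE_STATUS }));
```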