
Why use subdomains to designate tenants in a multi-tenant web application?

Questions

  1. Why do some multi-tenant web applications use subdomains to designate the tenant while others do not?
  2. Are there technical, privacy, or security reasons?
  3. Is it dependent on the language or framework used to develop the web application?
  4. Is it simply a matter of style or developer's choice?

Example Web Applications Using Subdomains to Designate Tenants

  • Basecamp
  • RepositoryHosting
  • SmugMug
  • Unfuddle

Example Web Applications Not Using Subdomains to Designate Tenants

  • GitHub
  • ThinMind
  • Bitbucket
Matthew Rankin asked Feb 13 '11 22:02



1 Answer

There are several ways to determine the tenant at the HTTP level:

  • domain - tenant is determined by whole Host header
  • sub-domain - sub-domain part of Host header
  • path based - path segment, usually by prefix host.com/tenantId/...
  • cookie based - cookie value contains tenant id (a good framework encrypts this!)
  • user based - user session or some data records on server

Here are answers to your questions:

  1. (Sub-)domain multi-tenancy is good if you want to give a user a perception of fully isolated tenancy. The customer may want a custom welcome and login page, a separate user base, etc. On the other hand, path-based multi-tenancy is good for users who are not fixed to a single tenant namespace. It is mostly used by social networks like Facebook, GitHub, etc.

  2. (Sub-)domains can give you better isolation and security control for cookies and cross-origin resource sharing (CORS). It makes cross-tenant CSRF or XSS a bit harder. Moreover, if you have control over DNS or the load balancer, you can assign tenants to different IPs (think geo-routing) or to various versions of the application (e.g. beta tenants). You can assign a separate app instance or server for your most important tenants. This way you get a cheap tool to control the risk of a single point of failure and of having all your eggs in one basket.

  3. Any web framework which gives you access to HTTP headers (Host) is sub-domain capable. Any serious MVC web framework should give you the sub-domain as an action parameter, directly or by plugin.

  4. It is definitely a design choice. If you want to know the best way, think about what level of isolation you want for your tenants. If you decide and later find that the way is not right, you can migrate to another level with the help of HTTP 301 redirection.

gertas answered Oct 16 '22 04:10
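
The sub-domain option from the answer's list, together with the cookie and CORS isolation mentioned in point 2, as an added example (not code from the original answer). The apex domain `example.com`, the reserved labels and all function names are assumptions made for illustration, and the Host values in the demo are constructed.

```python
import re

BASE_DOMAIN = "example.com"         # assumed apex domain of the application
RESERVED = {"www", "api", "admin"}  # assumed labels that are never tenants
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def tenant_from_host(host_header):
    """Return the tenant label for '<tenant>.example.com[:port]', else None."""
    host, _, port = (host_header or "").strip().lower().partition(":")
    if port and not port.isdigit():
        return None
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None                  # foreign or look-alike domain
    label = host[: -len(suffix)]
    # fullmatch rejects nested labels ("a.b"), empty labels and odd characters
    if not LABEL.fullmatch(label) or label in RESERVED:
        return None
    return label


def cors_origin_allowed(origin, tenant):
    """Allow cross-origin reads only from the tenant's own HTTPS origin."""
    return origin == f"https://{tenant}.{BASE_DOMAIN}"


def cookie_is_sent(domain_attr, set_by_host, request_host):
    """Simplified RFC 6265 domain matching for a cookie set by set_by_host."""
    if domain_attr is None:          # host-only cookie: exact host match
        return request_host == set_by_host
    domain = domain_attr.lstrip(".").lower()
    return request_host == domain or request_host.endswith("." + domain)


if __name__ == "__main__":
    # Constructed Host header values
    for h in ["Acme.Example.com:8443", "a.b.example.com",
              "acme.example.com.evil.test", "www.example.com"]:
        print(f"{h!r:32} -> {tenant_from_host(h)!r}")
    # Host-only session cookie stays with its tenant; Domain=.example.com does not
    print(cookie_is_sent(None, "acme.example.com", "globex.example.com"))
    print(cookie_is_sent(".example.com", "acme.example.com", "globex.example.com"))
```

A session cookie set without a `Domain` attribute is host-only, so the per-tenant isolation holds only as long as the application never widens it to the shared parent domain.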