Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming ACL for multiple applications
ACL for multiple applications
  • El Forum
    Guest
  •  
#1
05-17-2009, 02:26 PM

[eluser]avanwieringen[/eluser]
Hi, I have a short question.
I have multiple applications, but I would like to implement 1 ACL-db for those different applications. This would mean that every application would need to connect to 2 databases (their own, and the shared ACL db).

Does you reckon this causes too much load on the server or is it not bad practice?
  • El Forum
    Guest
  •  
#2
06-17-2009, 09:39 PM

[eluser]cynge[/eluser]
I don't think it's bad practice and makes sense if you are going to have multiple applications. At universities, for example, many times there is a centralized authentication API for developers to use for their apps for different departments.

As for load, you can think of ways to help with this... storing encrypted login info in a session so you only check authentication once, etc. The additional load is the new db connection you need to make; it looks like it's just the "cost" of doing business in your situation.
  • El Forum
    Guest
  •  
#3
06-18-2009, 04:37 AM

[eluser]jedd[/eluser]
It's a nice idea, and it lets you store your security-related tables on a separate machine. Good for performance, but also particularly good for security, as you can impose stricter limits on that machine - limit by IP who can access it (your various VM's, say, that run the different user-facing apps), and also limit the interface down to a very tight set of API calls (if you want to go the stored procedure approach). Or just have an app running on that box that negotiates the updating and handing over of credentials.

You only hit the machine once per login or password change, so I don't see any performance issues to be concerned with.

I'd have a minor concern about the durability of your ACL to deal with all future applications. It'd presumably need to be painfully generic. Any changes required in the future would necessitate huge sociability testing against your extant apps.

The biggest problem - a corollary of the previous comment I guess - is that you now have a fabulously precarious single point of failure for your entire suite of apps. You'd probably want to look at a cluster of databases to serve this. VM's are cheap, though, so this is more a time & operations problem than a space or power one.




Theme © iAndrew 2016 - Forum software by © MyBB