I’m developing a multitenant application with Yii, and I have some doubts to know what’s the best solution to my doubts and problems.
To ensure that the application is secure and a tenant cannot access to the data of other tenants, we are developing the solution described in this article http://www.reachcrm.com/2010/03/11/multi-tenant-strategy-for-saas-using-mysql5/.
I will explain briefly the solution, all the registers of all the tenants are in the same table and are identified by a tenant identifier, so to avoid tenants can access to all the registers of that table due to a bug or a security attack, the access to the data is throug an SQL VIEW. This view only shows the records which tenant identifier is the same than the database username that is used to connect to the DB (CREATE VIEW
v_product AS select * from
tbl_product where user()=
tenant identifier). So I have to know what tenant is and connect to the database with its identifier.
For that I write a new class CCustomClientActiveRecord which extends CActiveRecord and overwrites the getDbConnection() method, and all the models will extend from this new class. So my doubt is the same.
1- I’m new in php and yii and I don’t know where to put the CCustomClientActiveRecord to be found by the application, I put with the Yii framework files and inside the extensions folder and adding the path to the include section of the Yii configuration file, but the application doesn’t find this class. Can anyone help me in this? I come from Java and I’m lost without packages and imports .
2- Overwrite the getDbConnection is the best solution to implement the solution of the article? Is there any other solution you think is better?
3- The way to identify the tenant identifier is by the domain and subdomain of the URL, this information will be in the DataBase but I would like to make a cache class that stores the last domains and subdomains requests and its tenant identifier. It should be stored in memory and common for all the request of the web server. What’s the best way to do it in php or Yii (I’m new)? Is there something similar developed in Yii?
Thanks in advance.