I’m trying to figure out a good, secure way to have a single directory of files (one instance of our application) connect to a single database out of a range of multiple possibilities. The way we used to do things was each customer had one set of files and one database, and their set of files would be configured to link directly to their database. This works; however, it’s been making it difficult to keep a standardized version of the application across all customers and to ensure everyone has the latest updates.
The one way I was thinking of tackling it was to have a unique, generic database that’s used for the login process. Within that database would be a field that contains the name of the user’s specific database, which would then be stored in their session. Once they’ve logged in the application would then look to the session to get the name of their database, and connect to that directly.
I’m pretty sure that approach would work; I’m just worried that it could have some security faults. Any advice on how to handle this?
The only thing you need to know per customer is the user, pass, dbname, and hostname for the database connection. I’d simply store these in a configuration file, one per customer, named according to the customer:
Then your app picks which config file to load based on an environment variable set in the VHOST or even by the value in $_SERVER['HTTP_HOST'].
For example, your index.php might have something like:
Then create:
as:
(Er, sorry, you wouldn’t require_once an ini file, but you get the idea…)
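Added example, not part of the original answer: one way to select the per-customer config from `$_SERVER['HTTP_HOST']` using an allowlist, so the client-supplied header is only a lookup key and never becomes part of a file path. The directory, hostnames, INI key names and the MySQL PDO driver are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: one INI file per customer, stored outside the web root.
const TENANT_CONFIG_DIR = '/etc/myapp/tenants'; // hypothetical path

// Explicit allowlist of hostname => config file (constructed sample values).
const TENANT_HOSTS = [
    'acme.example.com'   => 'acme.ini',
    'globex.example.com' => 'globex.ini',
];

// Map the Host header to a config path via the allowlist only.
function resolveTenantConfig(string $hostHeader): string
{
    // Normalise: lower-case, drop an optional port and a trailing dot.
    $host = strtolower(trim($hostHeader));
    $host = rtrim((string) preg_replace('/:\d+$/', '', $host), '.');

    $file = TENANT_HOSTS[$host] ?? null;
    if ($file === null) {
        throw new RuntimeException('Unknown tenant host');
    }
    return TENANT_CONFIG_DIR . '/' . $file;
}

// Load the customer's settings and open the database connection.
function connectTenant(string $hostHeader): PDO
{
    $cfg = parse_ini_file(resolveTenantConfig($hostHeader));
    foreach (['hostname', 'dbname', 'user', 'pass'] as $key) {
        if ($cfg === false || !isset($cfg[$key])) {
            throw new RuntimeException('Tenant config missing or incomplete');
        }
    }
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4',
                   $cfg['hostname'], $cfg['dbname']);
    return new PDO($dsn, $cfg['user'], $cfg['pass'],
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

try {
    $db = connectTenant($_SERVER['HTTP_HOST'] ?? '');
} catch (Throwable $e) {
    // Fail closed without revealing which step failed or any credentials.
    http_response_code(400);
    exit('Bad request');
}
```

Because the tenant is derived from the request's host on every request rather than from a database name held in the session, a user cannot be pointed at another customer's database by altering session state.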