> The design we are taking is that when we start hosting, we > have to keep different clients data in different databases, > at least that's what my boss says because the clients > wouldn't go for their data sharing a DB with another company. > Of course, we can't put to many companies data on one SQL > server, so we were going to have everybody pass in what > company they belonged to and we would know what server and DB > to use for that user.
I really hope I'm reading this wrong. You're going to let the *clients* tell you who they are? This is analogous to being able to withdraw money from my bank account because I say I'm Craig Andera. I have to assume that there's a password in here somewhere, but you wouldn't be the first person to try to do it the wrong way, so I thought I'd ask. In any case, you can only pool connections that have exactly the same server, username, password, etc., so if you split across multiple databases, your pooling will necessarily be less effective. Honestly, I think clients concerns about you being in the same DB as other companies' is weak at best. Presumably, if I compromise your app, they're just as screwed whether the data is in one DB or many. Unless they think that it's somehow going to magically leak across rows... You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
