[hibernate-dev] multi-tenancy in Hibernate and JPA 2.1
Steve Ebersole
steve at hibernate.org
Wed Apr 4 17:26:30 EDT 2012
> I am not sure how the PaaS multi-tenant config will look like exactly but if we can
> automatically prefix the 2LC regions without adding an explicit mandatory property
> that would be nice.
Sure. The problem is that in the JPA-supported PaaS model, there is
only really a need to know the tenant identifier when using
SHARED_TABLE approach. There is a part of the proposal about making
the tenant identifier available via ENC/JNDI. However, given that only
the SHARED_TABLE approach (what we call DISCRIMINATED btw) in JPA needs
access to it, I was not clear if that would be available to all
approaches. But even there, I am not sure the ENC entry would be
available when the EMF is getting built. This ties into THE critical
difference between the multi-tenancy support I did already and what JPA
is proposing: namely, Hibernate multi-tenancy supports a single SF/EMF
instance serving multiple tenants, whereas the JPA model would
constrain one EMF to serve a single tenant.
So short answer.. I don't know either. But if it the tenant identifier
is know when building EMF/SF, then yes, the plan was to use region
prefixes.
> There is also a case to be made to not allow different tenants to see each other data.
Obviously ;)
> so unless we can catch all malicious SQL queries, it's better disabled by default.
> though I could see an app developer knowing his environment and enabling the
> option if needed.
I guess the question is more about whether people had ideas for
"catch(ing) [and properly morphing] all malicious SQL queries". In my
opinion, thats a pretty tall task. Essentially we would need
database-specific SQL parsers
--
steve at hibernate.org
http://hibernate.org
More information about the hibernate-dev
mailing list