I've got a company e-commerce site built in Rails 2.3 that's up, running, doing fine. However, for several reasons, security chief among them, I'm not allowing ANY way of making changes to the database inside the website's codebase itself (there are absolutely no edit/ update or delete actions anywhere). Instead, I have two separate "updater" applications. And I get told to make a ton of changes all the time.
Maintaining three different applications is a PITA. I'm looking for a better way.
Basically, it's set up like this:
www.example.com <-- primary customer-facing site update.example.com <-- available internally only (in our DNS) - updates products, page copy, etc. fulfillment.example.com <-- where our fulfillment people check to process e-commerce orders (primarily read-only, internal DNS)
The trick is that they all use the same database, which resides on yet a third server: db.example.com
Now, let's say I need to make a model change (or in reality, a LOT of them, damn "business users"). Not only do I have to update www.example.com, but update. and fulfillment. as well. In other words, I'm not updating and maintaining one web application, but instead three.
What I've been doing is writing the new "read" functionality into the customer-facing site, including database migrations, and then making changes to the model where needed in both update applications. So far it's worked fine, but it's pretty kloogy.
I can't put all this under www.example.com for security and PCI-DSS compliance reasons as well as other legal and security reasons my organization enforces. They have to be separate applications and available under separate virtual hosts (Apache/Passenger) to enforce policy.
Is there a better way of doing this, or is what I'm already doing really about the only way to skin this cat?