Multiple customers - keeping the data separate - how?

I'm trying to get a handle on the different ways of maintaining data separation in Rails. From what I've read it looks like usually the security is handled entirely as an aspect within the Model.

I constantly find it amusing that whenever a 'new' way of doing applications is created, they always ignore the security systems that have gone before. First we had operating system security with its user and group database. Then we have databases with their own security model. Now we have web apps reinventing that particular wheel once again, sitting in a single operating system user space and logging onto the database with a single all-powerful user.

Unfortunately the application I have in mind involves account data, and I can't afford a bug in an application exposing one customer's data to another. I need something more substantial than that. (And there are other reasons - such as backup). However I still want to share physical infrastructure.

My thoughts are that there should be a URL per customer driving their own mongrels locked onto their own version of the database. However the standard infrastructure support tools don't support that way of doing things.

Are there any other thoughts about how the security separation should be enforced?

Rgs

NeilW