2

I have SAAS type application and I am providing it service to many users. It is developed using php. I want to know which structure is better, right now I have subdomain structure, each group is different subdomain, though all uses same code from one source. so it like 

group1.domain.com
group2.domain.com

both uses single code but behave has separate application.

Another structure is also available in which we specify group in URL and not as subdomain like 

domain.com/group1
domain.com/group2

My question is which structure is better in terms of scalability and security ? do subdomain or url structure have any security issue ? Which is better if we need to scale and use multiple server which will be better?

Accountant م
  • 4,969
  • 2
  • 30
  • 49
Jay
  • 704
  • 1
  • 14
  • 40
  • 1
    I think this is an opinion based question, it fits more for [server-fault](https://serverfault.com/) and i[nformation-seurity](https://security.stackexchange.com/users/149722/) . I will go with the domain for scalability as the requests will be routed by the domain server, without the need to a load balancer which you will need to scale one domain. And for the security I will go with domains also because of the same-origin-policy security benefits that you will get for free. – Accountant م Sep 14 '19 at 14:40

1 Answers1

0

I'm not going to explore the full details about scalability and security, but there is an inherent difference about how the two URL types are handled which is basically the starting point for all other considerations:

  1. Sub-domain routing is controlled by the DNS system and therefore can be routed without requiring any input from the server hosting the site. Changes to routing have a time-lag.
  2. Path-based routing is controlled by the web server (e.g. Apache) and therefore needs to be handled by your server or infrastructure. Changes can be applied instantaneously.

Given that you can configure multiple sub-domains to point to the same server, anything you can do in scenario #2 you can also acheive via scenario #1. Therefore, the question is what advantages do you gain from using sub-domains and what are the disadvantages.

Advantages:

  • Routing is cheap, as it is handled via the DNS system.
  • Routing is flexible - it is easy to move a particularly troublesome user to their own server if they are impacting performance of other users. With path-based routing this would require additional infrastructure.
  • If you offer e-mail services, each client has their own sub-domain and therefore has no restriction on mailbox names.
  • This will allow you to have per-client SSL certificates, rather than a single certificate for all clients (though the latter is still possible).

Disadvantages:

  • Adding/removing new clients is harder to automate, as it requires a DNS update.
  • Changes take a short while to propagate, rather than applying instantly.
HappyDog
  • 860
  • 10
  • 34