Multiple client's directories management in an Application Service Provider model

Posted on 2007-04-10
Last Modified: 2013-11-13
I need web-based, platform independent application that implements Application Service Provider (ASP) model.
It will be developed using PHP. I am looking for an open source resource that provides the mechanism on how to manage the multiple client's directories in the application.

Thank you very much.
Question by:llping8
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
LVL 11

Expert Comment

ID: 18887356
Since PHP is not platform independent, that would be difficult. Could you elaborate on what an Application Service Provider model is? Does the client have multiple directories or are there multiple clients whom each have a directory? Where is the directory located, locally on their computer or on a server?

Author Comment

ID: 18887828
Lets assume it is on a Linux server. As I know, Application Service Provider (ASP) model a.k.a. "Software as a service".
There is a server with an application. The application provides service to clients. Basically each client will have their own directory (basically is ONE directory for each client). When a client sign in, he will only able to access his data in his own directory. There is only one application running.

My question is how does PHP  manage the client access? After a client sign in, how PHP can prevent him/her from accessing other client's directory.

Author Comment

ID: 18887832
The client's directory is in the server where the application resides.
WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.


Author Comment

ID: 18888240
Additionally, each client will have his/her own database (MySQL) space to store data. So, when a client sign in, only the respective file directory & database is available for access.
LVL 11

Accepted Solution

walkerke earned 500 total points
ID: 18894684
This is really beyond my expertise, so I hope someone else will contribute.

My own approach to this would be to use PHP's rich file system features to do all the file management. I would assign a unique identifier code to each user and begin each folder and file name with that code, but mask out the code when presenting the directory tree to the client's browser. I would embed a safeguard within the PHP application which prevents the client from maneuvering to a folder or accessing a file that does not being with the same code as the one they are maneuvering from. I would also implement a PHP session and tie the session id to the client id.

MySQL's own security features will prevent one user from accessing another user's data unless they are specifically given access to it.

Author Comment

ID: 18894979
Thank you, walkerke. I appreciate your input. I will search other resources as well.

Author Comment

ID: 18896452

I am googling & yahooing all the while, and only thing that i can think of is the mechanism used in some web content management system. I am wondering, how are those CMS manage so many users directory without letting users view other user's content. Are they open new directory for a new user? I tried to install Mambo in my localhost to do some research.

Author Comment

ID: 18896716
I guess I was wrong about CMS. Each CMS only manage ONE website. With multiple manager can access. But basically they are managing the same site with differrent level of access.  It is a different story.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Part One of the two-part Q&A series with MalwareTech. provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question