#multitenancy — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #multitenancy, aggregated by home.social.
-
🚀 New blog post + django-rls-tenants 1.1.0 is out!
TL;DR: PostgreSQL RLS policies can't use your indexes because current_setting() isn't leakproof. The query planner falls back to sequential scans and applies tenant filtering row-by-row. On large tables, this hurts.v1.1 fixes this by adding automatic ORM-level WHERE tenant_id = X alongside RLS - so Postgres uses your composite indexes for the fast path while RLS still enforces isolation as a safety net.
Also in this release:
→ select_related() now propagates tenant filters across joins
→ threading.local replaced with contextvars (ASGI-safe)
→ Superuser detection at startup (RLS is silently bypassed otherwise!)
→ Better exception handling in middleware
→ CASE WHEN policy rewrite for cleaner evaluation
Full write-up: https://dev.to/dvoraj75/postgresql-rls-is-fail-closed-but-is-it-fast-making-django-rls-tenants-index-friendly-2j18
GitHub: https://github.com/dvoraj75/django-rls-tenants
#Django #PostgreSQL #Python #MultiTenancy #RLS #OpenSource -
🚀 New blog post + django-rls-tenants 1.1.0 is out!
TL;DR: PostgreSQL RLS policies can't use your indexes because current_setting() isn't leakproof. The query planner falls back to sequential scans and applies tenant filtering row-by-row. On large tables, this hurts.v1.1 fixes this by adding automatic ORM-level WHERE tenant_id = X alongside RLS - so Postgres uses your composite indexes for the fast path while RLS still enforces isolation as a safety net.
Also in this release:
→ select_related() now propagates tenant filters across joins
→ threading.local replaced with contextvars (ASGI-safe)
→ Superuser detection at startup (RLS is silently bypassed otherwise!)
→ Better exception handling in middleware
→ CASE WHEN policy rewrite for cleaner evaluation
Full write-up: https://dev.to/dvoraj75/postgresql-rls-is-fail-closed-but-is-it-fast-making-django-rls-tenants-index-friendly-2j18
GitHub: https://github.com/dvoraj75/django-rls-tenants
#Django #PostgreSQL #Python #MultiTenancy #RLS #OpenSource -
🚀 New blog post + django-rls-tenants 1.1.0 is out!
TL;DR: PostgreSQL RLS policies can't use your indexes because current_setting() isn't leakproof. The query planner falls back to sequential scans and applies tenant filtering row-by-row. On large tables, this hurts.v1.1 fixes this by adding automatic ORM-level WHERE tenant_id = X alongside RLS - so Postgres uses your composite indexes for the fast path while RLS still enforces isolation as a safety net.
Also in this release:
→ select_related() now propagates tenant filters across joins
→ threading.local replaced with contextvars (ASGI-safe)
→ Superuser detection at startup (RLS is silently bypassed otherwise!)
→ Better exception handling in middleware
→ CASE WHEN policy rewrite for cleaner evaluation
Full write-up: https://dev.to/dvoraj75/postgresql-rls-is-fail-closed-but-is-it-fast-making-django-rls-tenants-index-friendly-2j18
GitHub: https://github.com/dvoraj75/django-rls-tenants
#Django #PostgreSQL #Python #MultiTenancy #RLS #OpenSource -
🚀 New blog post + django-rls-tenants 1.1.0 is out!
TL;DR: PostgreSQL RLS policies can't use your indexes because current_setting() isn't leakproof. The query planner falls back to sequential scans and applies tenant filtering row-by-row. On large tables, this hurts.v1.1 fixes this by adding automatic ORM-level WHERE tenant_id = X alongside RLS - so Postgres uses your composite indexes for the fast path while RLS still enforces isolation as a safety net.
Also in this release:
→ select_related() now propagates tenant filters across joins
→ threading.local replaced with contextvars (ASGI-safe)
→ Superuser detection at startup (RLS is silently bypassed otherwise!)
→ Better exception handling in middleware
→ CASE WHEN policy rewrite for cleaner evaluation
Full write-up: https://dev.to/dvoraj75/postgresql-rls-is-fail-closed-but-is-it-fast-making-django-rls-tenants-index-friendly-2j18
GitHub: https://github.com/dvoraj75/django-rls-tenants
#Django #PostgreSQL #Python #MultiTenancy #RLS #OpenSource -
Your Django ORM protects tenant data. Your raw SQL doesn't. 😬
That's why I built django-rls-tenants — multitenancy powered by PostgreSQL Row-Level Security, enforced at the database level.
🔒 Every query is filtered — ORM, raw SQL, even dbshell
🚫 Missing tenant context? Zero rows returned, never a data leak
📦 Single schema, no connection routing headaches
⚡ Drop-in: one base model, one middleware, doneUnlike schema-based or ORM-rewriting approaches, RLS policies live in PostgreSQL itself. The database becomes your last line of defense — not your app code.
Supports Python 3.11+, Django 4.2–6.0, PostgreSQL 15+.
Just shipped v1.0.0 🚀
pip install django-rls-tenants
📖 Docs & source: https://github.com/dvoraj75/django-rls-tenants
Feedback, stars & contributions welcome! ⭐
#Django #Python #PostgreSQL #MultiTenancy #RowLevelSecurity #OpenSource #WebDev #SaaS #InfoSec #Database
-
🚀 Day 1 on django-rls-tenants — bringing true PostgreSQL Row-Level Security to Django multitenancy!
Instead of separate schemas or filtered querysets, this library leverages native RLS policies at the DB level to isolate tenant data automatically.
✅ Pros:
• True DB-level isolation — tenants can't bleed into each other
• Transparent to Django ORM — no custom managers needed
• Leaner than schema-per-tenant approaches
• Scales well for high tenant counts
• Security enforced even outside the app layer❌ Cons:
• PostgreSQL-only (no MySQL/SQLite support)
• RLS policies add complexity to migrations
• Debugging cross-tenant issues can be tricky
• Superuser connections bypass RLS — needs care
• Less community tooling than shared-schema approachesStill very early, but the foundations are solid. Would love feedback from anyone who's tackled multitenancy in Django before! 🐘🐍
#Django #PostgreSQL #Python #Multitenancy #RLS #RowLevelSecurity #OpenSource #WebDev #SaaS #DjangoORM #DevLife
-
🚀 Day 1 on django-rls-tenants — bringing true PostgreSQL Row-Level Security to Django multitenancy!
Instead of separate schemas or filtered querysets, this library leverages native RLS policies at the DB level to isolate tenant data automatically.
✅ Pros:
• True DB-level isolation — tenants can't bleed into each other
• Transparent to Django ORM — no custom managers needed
• Leaner than schema-per-tenant approaches
• Scales well for high tenant counts
• Security enforced even outside the app layer❌ Cons:
• PostgreSQL-only (no MySQL/SQLite support)
• RLS policies add complexity to migrations
• Debugging cross-tenant issues can be tricky
• Superuser connections bypass RLS — needs care
• Less community tooling than shared-schema approachesStill very early, but the foundations are solid. Would love feedback from anyone who's tackled multitenancy in Django before! 🐘🐍
#Django #PostgreSQL #Python #Multitenancy #RLS #RowLevelSecurity #OpenSource #WebDev #SaaS #DjangoORM #DevLife
-
PostgreSQL RLS в Go, Часть 2: Архитектура Highload. Паника, гонки и 10 000 партиций
В первой части было разобрано, как настроить RLS в Go, почему is_local=true спасает от утечек в PgBouncer, и как покрыть это интеграционными тестами. Если вы еще не настроили базовую изоляцию, начните оттуда. Сегодня мы пойдем глубже. Мы не будем говорить о синтаксисе. Мы поговорим об архитектуре. О том, почему RLS - это не просто "удобный фильтр", а нативный механизм инкапсуляции, который решает проблемы распределенных систем и рисков безопасности прямо в слое данных, не раздувая Ops-сложность до сотен схем и баз. Кому и зачем читать? Junior/Middle: Поймете, почему RLS - это архитектурный выбор, а не просто WHERE tenant_id = ? . Узнаете про TOCTOU и как его избежать. Senior/Architect: Увидите паттерны для highload (партиционирование + RLS) и production-грабли (матвьюхи, репликация).
https://habr.com/ru/articles/988744/
#Go #Golang #PostgreSQL #RLS #Multitenancy #Backend #Database_Security #архитектура #highload
-
Как перестать писать WHERE tenant_id и отдать безопасность базе (PostgreSQL RLS в Go)?
В одном из прошлых проектов случился «кошмар техлида»: в суматохе хотфикса было забыто добавление фильтра WHERE tenant_id = ? в одну из ручек API. В итоге один клиент увидел отчеты другого. Все быстро откатили, но я навсегда запомнил то холодное чувство в животе. Когда начали проектировать архитектуру следующего проекта, я понял, что полагаться на внимательность разработчиков на код-ревью - это тупик. Рано или поздно кто-то устанет, ошибется, и данные снова протекут. Искал способ гарантировать изоляцию данных так, чтобы ее физически нельзя было забыть. Почему стандартные решения не подошли? Перебрал классическую тройку вариантов, и у каждого нашлись фатальные минусы для задачи: 1. Логическая изоляция (WHERE в коде)? Как это работает: Тысячи строк кода, и в каждом запросе ты обязан помнить про tenant_id . Проблема: Человеческий фактор. Это бомба замедленного действия. 2. Схема на клиента (Schema-per-tenant) Как это работает: У каждого клиента своя схема ( schema_01 , schema_02 ...). Проблема: Это работает, пока клиентов 100. Когда их становится 10 000, база начинает задыхаться. Детали: Проблема даже не в миграциях, а в файловой системе. 10 000 клиентов × 50 таблиц = 500 000 файлов. Postgres (и Linux) сходят с ума от такого количества открытых дескрипторов, а VACUUM превращается в ад. 3. Отдельная БД на клиента Как это работает: Полная физическая изоляция. Проблема: Ценник на инфраструктуру. Держать тысячи коннектов или инстансов RDS - экономическое самоубийство для стартапа. Тогда посмотрел в сторону PostgreSQL Row Level Security (RLS) . Честно говоря, поначалу было страшно. Отдавать логику безопасности "черному ящику" внутри БД казалось рискованным. Плюс, все вокруг пугали: "RLS убьет производительность".
https://habr.com/ru/articles/987364/
#Golang #PostgreSQL #RLS #Multitenancy #Backend #Testcontainers #Database_Security #Архитектура
-
☠️ Oh joy, yet another tale of how #SQLite3 becomes a sardine can when you try to cram in #multitenancy with Rails! 🐟 Apparently, the author's groundbreaking revelation is that ignoring #multithreading makes your app collapse faster than my interest in reading this. 🚀
https://blog.julik.nl/2025/04/a-can-of-shardines #Rails #Issues #SardineCan #HackerNews #ngated -
Hangfire + Multi Tenancy
Краткий туториал, как организовать обработку фоновых задач с приоритетами для условного SaaS продукта с разделением клиентских данных.
-
Solve the multi-tenancy problem in Kubernetes and reduce costs at the same time? 🤔 Virtual clusters – aka vClusters – have their own API server and are therefore more powerful and better isolated than namespaces. 🚀🏝️ But that's not all: they are also much cheaper than real Kubernetes clusters. 💰 You can find all further details about our vCluster offer here https://nine.ch/products/vcluster/ on our website. 🔗 #vcluster #kubernetes #multitenancy #namespaces #nine
-
Solve the multi-tenancy problem in Kubernetes and reduce costs at the same time? 🤔 Virtual clusters – aka vClusters – have their own API server and are therefore more powerful and better isolated than namespaces. 🚀🏝️ But that's not all: they are also much cheaper than real Kubernetes clusters. 💰 You can find all further details about our vCluster offer here https://nine.ch/products/vcluster/ on our website. 🔗 #vcluster #kubernetes #multitenancy #namespaces #nine
-
Solve the multi-tenancy problem in Kubernetes and reduce costs at the same time? 🤔 Virtual clusters – aka vClusters – have their own API server and are therefore more powerful and better isolated than namespaces. 🚀🏝️ But that's not all: they are also much cheaper than real Kubernetes clusters. 💰 You can find all further details about our vCluster offer here https://nine.ch/products/vcluster/ on our website. 🔗 #vcluster #kubernetes #multitenancy #namespaces #nine
-
Solve the multi-tenancy problem in Kubernetes and reduce costs at the same time? 🤔 Virtual clusters – aka vClusters – have their own API server and are therefore more powerful and better isolated than namespaces. 🚀🏝️ But that's not all: they are also much cheaper than real Kubernetes clusters. 💰 You can find all further details about our vCluster offer here https://nine.ch/products/vcluster/ on our website. 🔗 #vcluster #kubernetes #multitenancy #namespaces #nine
-
How to Build a #Multitenancy Internal Developer Platform (#IDP) with #GitOps and #vCluster
-
How to Build a #Multitenancy Internal Developer Platform (#IDP) with #GitOps and #vCluster
-
How to Build a #Multitenancy Internal Developer Platform (#IDP) with #GitOps and #vCluster
-
How to Build a #Multitenancy Internal Developer Platform (#IDP) with #GitOps and #vCluster
-
How to Build a #Multitenancy Internal Developer Platform (#IDP) with #GitOps and #vCluster
-
Finished Chapter 2 of "Building Multi-Tenant SaaS Architectures" by Tod Golding [1]. Curious what it will teach me at the end and the other 15 Chapters have to offer. Has anyone else read the book already? Thoughts?
[1] https://www.oreilly.com/library/view/building-multi-tenant-saas/9781098140632/
#saas #architecture #multitenant #multitenancy #aws #serverless