
That's assuming you lock down access at the level of the application instance. If you create an instance with permission to read all data, it doesn't matter that it's been created by a single request… it's still got permission to read everything. Not saying a single request instance isn't a win for security, but you'll have to build your app around this concept to get that win.



To make an application truly multi-tenant you will need to adopt the "share nothing" concept anyway. We just supply you with a "share nothing" infrastructure.


I am not able to wrap my head around this.

If I have to run a database, say postgresql, how do I run it? Inside the ZeroVM or outside? To run the DB I would need to give it file system access?

Now if there is a security hole in postgresql, how is it guaranteed that files other than DB files are never accessed?


If you have to run a single database for a multi-tenant application you're in for some real pain. For example: how will you shard it? How will you load-balance it? The ZeroVM approach to cloud is that "cloud is the database". ZeroVM sessions have transactional qualities: deterministic, isolated, can be rolled back, etc. Essentially we integrate distributed storage with "stored procedures" and "triggers"; this is what ZeroVM cloud looks like.



