I am looking to whitelist a corporate financial website to brokers who can re-sell our products.
A commonly cited approach is to clone the codebase and sub-domain it for each client which will allow for their own
media assets and any bespoke programming. The big downside here is maintaining multiple copies of the cloned code base.
Another approach is to use an iFrame of our site within the brokers's sites.
However by creating an alias or symlink of sub domain folders to the original domain enables you to pick up the
sub domain in the request and serve the appropriate content.
Doing this will probably mean a few extra bits in the database to accommodate this extra functionality -
updates are rolled out automatically since changes to the code only happen in one place.
Are there better ways of doing this and what issues might you see with my suggestions ?
There is also the added attack surface you can inadvertantly create by duplicating a code base.
You idea seems viable but I think a separate code and database (if used) on a fully separate domain would be better security-wise. All of our vendors come in through a tunnel if they come from a trusted site. Otherwise everything else gets routed in the DMZ to a dummy domain where they can interact with systems that are not physically connected with us at all. One-off file transfers happen that way.
This User Gave Thanks to jim mcnamara For This Post: