I want to offer an application to customers. I see that many applications on the internet have subdomain created for every client when he is creating an account. Is this good practice in terms of security or it doesnt make any difference if all the customers are logging in from a single domain? What are the pros and cons in both cases?
Thank you
This is a rather broad question so this is a very broad answer: From experience managing various things in IT, creating a sub-domain for each customer will make your life easier in the future. With a few clients 1 domain will be fine, but with many clients(probably 20+) it will become very difficult to do things like implement features per customer (ie: some feature can use the domain name to differentiate customers), detailed logging per customer, etc. Given you can give each client some other unique key, but domain name would be easy to key off of.
That being said, if you offering 1 application to many customers then 1 domain will be fine and this is done by many application vendors. But if you're offering many different custom applications to many different customers, then the more separation the better. It'll help overall management, reporting and it wouldn't hurt on the security side of things.
Also keep in mind, depending on the type of applications your offering to whom, customers may prefer or require separation from your other clients to meet industry standards or compliance laws, having separate domains might make this simpler or easier to achieve.
