mysql - PHP App Save User Data, password and login info is better in more than one table?
Solution:
Yes, this could be done as a defense-in-depth approach to security.
You could have one table that stores usernames and bcrypt password hashes, and the database account that authentication uses is limited to this table only.
Another approach is to have another database that the page that authenticates has access to, then use another database for the rest of your site that the post-authentication connection uses.
This would limit any data extraction from your system if a vulnerability such as SQL injection exists. Of course, it is better to concentrate on protecting your system against existing vulnerabilities initially, then design in separate databases as part of a system hardening exercise. Separation of databases will help you if there are any future MySQL vulnerabilities that may allow injection of queries. You never know if such vulnerabilities exist until they are discovered.
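The table-level separation described in the answer above, sketched as MySQL statements. This is an added example, not part of the original answer; the database, table and account names (`app`, `credentials`, `profiles`, `auth_svc`, `site_svc`) and the passwords are placeholders chosen for illustration.

```sql
-- Constructed schema for illustration; all names are assumptions.
CREATE DATABASE IF NOT EXISTS app;

-- Credentials live in their own table: username plus password hash only.
CREATE TABLE app.credentials (
    user_id       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL  -- bcrypt output from PHP password_hash()
);

-- Everything else about the user goes in a separate table.
CREATE TABLE app.profiles (
    user_id      INT UNSIGNED NOT NULL PRIMARY KEY,
    display_name VARCHAR(128) NOT NULL,
    email        VARCHAR(255) NOT NULL,
    FOREIGN KEY (user_id) REFERENCES app.credentials (user_id)
);

-- Account used only by the login page: it can read the credentials
-- table and nothing else.
CREATE USER 'auth_svc'@'localhost' IDENTIFIED BY 'PLACEHOLDER_auth_password';
GRANT SELECT (user_id, username, password_hash)
    ON app.credentials TO 'auth_svc'@'localhost';

-- Account used by the rest of the site after login: it has no grant
-- on app.credentials, so a query injected through a post-login page
-- cannot read the password hashes.
CREATE USER 'site_svc'@'localhost' IDENTIFIED BY 'PLACEHOLDER_site_password';
GRANT SELECT, INSERT, UPDATE
    ON app.profiles TO 'site_svc'@'localhost';

-- Verify that each account holds only the intended privileges.
SHOW GRANTS FOR 'auth_svc'@'localhost';
SHOW GRANTS FOR 'site_svc'@'localhost';

-- Run as site_svc, this statement should fail with a
-- "SELECT command denied" error:
--   SELECT password_hash FROM app.credentials;
```

Registration and password changes need write access to `app.credentials`; giving those pages their own account with `INSERT` and `UPDATE` on that table keeps the login account read-only.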
Answer
Solution:
It's OK to use one table. Don't store the password in the DB, only its hash to compare in the future.
Answer
Solution:
Separate your back end from the UI well. Escape all user inputs. The question is not about storing the data in one table. It is about how strong the protection of the entire DB is.