model (http://www.macromedia.com/devnet/mx/coldfusion/articles/cfc_practices.html),
I was only left with really one question, and it concerns the design of
the database...
In his example, he has a nice database design where user information is
stored in a table, group information stored in another one, and user/group
linking them together in a many-to-many lookup table. This is good, and I
follow along well, but I have a question about the user table ("security" as
he calls it) in Fig 1.
He's using the username as a primary key in his database, obviously to keep
usernames unique and force them so...and he's only storing username and
password information in that table. What if you wanted to store MORE than
just usernames and passwords though? For instance, what if your "user" table
contains all sorts of other information that's considered a property of a
single user? I don't see how storing them in another table is an appropriate
approach because you end up with a 1 to 1 relationship between the two
tables and at that point, I say to myself, "why not just fold them into one
table?".
So is there any overwhelming security reason why you wouldn't store
additional information in a user table? For example, in my user table, I've
got the following rows:
UserID (PK)
FirstName
LastName
Username (index, no duplicates)
Password
Role_fk (int)
LastLogin (Date/Time...just keeps getting overwritten with last login date)
EmailAddress
StartDate
IsActive
PhotoURL
BilledAmount
etc...
Is there a valid reason that I don't know about for NOT storing username and
password in this table? It's an easy matter to simply pull this information
out into another table, and write my authentication functions to use that,
but wouldn't it be a one-to-one with the above table? And if it's a
one-to-one, shouldn't it be folded into the above table?
Curious...

