Should we use prefixes in our database table naming conventions?

前端 未结 7 2189
攒了一身酷
攒了一身酷 2021-02-05 22:03

We are deciding the naming convention for tables, columns, procedures, etc. at our development team at work. The singular-plural table naming has already been decided,

7条回答
  •  悲&欢浪女
    2021-02-05 23:06

    I don't see how any naming convention can improve security...

    If an intruder have access to the database (with harmful permissions), they will certainly have permissions to list table names and select to see what they're used for.

    But I think that truly confusing table names might indirectly worsen security. It would make further development hard, thus reducing the chance security issues will be fixed, or it could even hide potential issues:

    If a table named (for instance) 'sro235onsg43oij5' is full of randomly named coloumns with random strings and numbers, a new developer might just think it's random test data (unless he touches the code that interact with it), but if it was named 'userpasswords' or similar any developer who looks at the table would perhaps be shocked that the passwords is stored in plaintext.

提交回复
热议问题