问题
I have a user table in mysql containing all user data (firstname, surname, address, etc)
But should I store the authentication details in another table (username, password) and link the two tables via a user ID?
Is there much point in this?
Is it more secure?
or does it just add extra coding?
回答1:
Is there much point in this?
Nope, not at all.
Is it more secure?
If someone can access your users table they can surely access whatever other table the passwords are on, so no.
or does it just add extra coding?
Pretty much. You'll have to a lot of excess JOINs to get the password info when there's really no reason to be dividing up the data in the first place.
回答2:
Is there much point in this?
No.
Is it more secure?
How could it be? Database credentials apply to the whole database.
just add extra coding?
Precisely.
回答3:
Reusing the answers template to add my 2 cents:
Is there much point in this?
YES! it reduces overhead.If you only need to authenticate users, you don't need to fetch their profile info. It saves bandwidth and makes efficient tables.
Is it more secure?
Nope
or does it just add extra coding?
Well it is slightly more work but worth it as it's good Application Architecture. You're doing your future self a favor by designing a system that can scale. Also if you work with a framework you won't feel it.
来源:https://stackoverflow.com/questions/8555686/advantages-of-having-user-authentication-details-stored-in-a-separate-table