Reputation: 671
Database User Details Security
My question is probably quite a basic silly one, but here goes anyway:
When a user registers on my site should I store their personal details (name, address, etc.) in a seperate table from their login information (username, password hash, salt) and if so, should there be any relationship or link between the tables?
Upvotes: 2
Views: 149
Answers (3)
Reputation: 1792
It doesn't matter from a security stand point. Instead, you should think about database design, which is worthy of a Google search.
After you've done your Google research, this may not have been readily apparent. Take a look at this with special notes on 12 and 15:
http://net.tutsplus.com/tutorials/other/top-20-mysql-best-practices/comment-page-1/#comments
Upvotes: 2
Reputation: 2903
Storing them in separate tables don't adds anything for the security aspect.
If you decide to store them separately for some reason, both tables should be linked to determine which login information belongs to who.
Upvotes: 4
Reputation: 829
You will still have to link them in some way otherwise you wouldn't know who's who so it would be pointless to do it from a security standpoint.
Upvotes: 1