Does this make sense for a logon table:
CREATE TABLE Logon
(
ID INT NOT NULL IDENTITY PRIMARY KEY,
name VARCHAR(15) NOT NULL,
password VARCHAR(15) NOT NULL
)
GO
CREATE UNIQUE INDEX IX_Logon_Name ON Logon(name)
CREATE INDEX IX_Logon_NameAn dPassword ON Logon(name,pass word)
GO
I do want the name to be unique but also will search frequently on both
name & password. Is this how it should be done? I don't fully
understand the difference between placing a single index in name &
password VS one on both name & password.
12  4140 
Cecil (ce********@yah oo.com) writes: Does this make sense for a logon table:
CREATE TABLE Logon
(
ID INT NOT NULL IDENTITY PRIMARY KEY,
name VARCHAR(15) NOT NULL,
password VARCHAR(15) NOT NULL
)
GO
CREATE UNIQUE INDEX IX_Logon_Name ON Logon(name)
CREATE INDEX IX_Logon_NameAn dPassword ON Logon(name,pass word)
GO
I do want the name to be unique but also will search frequently on both
name & password. Is this how it should be done? I don't fully
understand the difference between placing a single index in name &
password VS one on both name & password.
I don't see the purpose of the ID column? Why not make the name the primary
key?
The index on (name, password) does not seem very useful here. Usually an
index on the form (uniquecolumn, othercolumn) is not meaningful, but it
can be sometimes, to achieved so-called covered queries. But as long as
the table does not have lots of other columns, it's difficult to see a
case for it here.
--
Erland Sommarskog, SQL Server MVP, es****@sommarsk og.se
Books Online for SQL Server 2005 at http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at http://www.microsoft.com/sql/prodinf...ons/books.mspx
>>I don't see the purpose of the ID column? Why not make the name the primary key?
I was thinking of doing that, but I intend for the Logon table to be
like an ID card. Only for efficient identification. I wanted to reuse
this table design in multiple projects that would require
authentication.
So if I later had an employee say, that needs to login, rather than add
a username,passwo rd to the Employee table I could simply add a LogonID
field to the employee table to link it w/ their identification record
in the Logon table.
Do you think this is a bad idea?
Also I thought it would be faster to always use an int ID as my primary
key instead of a string for searching and joining.
If I were to have a foreign key linking to the logon table I'd have to
stick the whole string as the foreign key instead of just an int. So it
was my plan to make sure each table had an int primary key even if it
was possible to uniquely id a record by an already present column like
username.
Again, do you think this is a bad idea? What would you name the foreign
key to a varchar username field? usernameID? It just seems like it
should be a number to me if it has ID appended to it. I like using ID
becuase I know it is a key of somekind when I see it but maybe I
shouldn't do that.
I was reading a post by someone earlier who suggested to me that all
field names be unique across my schema. So if I understand him
correctly:
LogonID, LogonName, & LogonPassword would be better field names.
LogonPassword seems sorta like overkill compared to just password but
if you're going to be unique you might have another field called
password in another table so I guess you'd have to do it that way.
Almost like table-qualifying each field name.
I'm starting a simple DB from scratch so I'm trying to use as good a
practices as I can and would be very interested in your reccomendations
Erland. Thanks.
Cecil wrote: I don't see the purpose of the ID column? Why not make the name the primary
key?
I was thinking of doing that, but I intend for the Logon table to be
like an ID card. Only for efficient identification. I wanted to reuse
this table design in multiple projects that would require
authentication.
Name would still be unique though wouldn't it? So it should still have
a unique constraint on name.
Storing passwords in the database is an inherent security flaw. Don't
store them, encrypted or otherwise. If you must, store a secure hash of
the password. If you are using SQL Server 2005 then use the built in
encryption / authentication. Where possible, use integrated security
rather than invent your own.
--
David Portas
SQL Server MVP
--
David Portas wrote: Cecil wrote:
>I don't see the purpose of the ID column? Why not make the name the primary
>key?
I was thinking of doing that, but I intend for the Logon table to be
like an ID card. Only for efficient identification. I wanted to reuse
this table design in multiple projects that would require
authentication.
Name would still be unique though wouldn't it? So it should still have
a unique constraint on name.
Apologies, I see that you have declared a unique INDEX on name. A
unique CONSTRAINT is virtually equivalent however and is usually the
preferred choice rather than an index.
--
David Portas
SQL Server MVP
--
I agree Windows Auth is the way to go, but this DB is for a website and
as such, Windows Auth is not practical.
I was planning to encrypt the password using .NET before storing it in
the DB.
I'm not sure what the built in encryption / authentication SQL2005 has
other than Windows Auth. Is there another feature?
I used an unique index on name because I wished to have fast lookups of
names. I thought an index was how to best accomplish this, No?
I'm not possitive when to use indexex on a column and when to do so on
multiple columns. I don't get the difference.
I'd still have the 'ID' column but make it a surrogate key instead and use
that on other tables, may be a permissions, for example....
create table Logon (
id int not null identity constraint sk_logon unique clustered,
name varchar(15) not null constraint pk_logon primary key
nonclustered,
password varchar(15) not null
)
In other tables you would use Logon.id and not Logon.name, so if you had a
permissions table say you'd do it like this...
create table Permission (
id int not null identity constraint sk_permission unique
nonclustered,
logon_id int not null references Logon( id ),
security_ticket _id int not null references SecurityTicket ( id ),
constraint pk_Permission primary key clustered ( logon_id,
security_id )
)
Then in the application use 'id' everywhere, it encapsulates the data and
allows for 'name' to change without breaking the application logic.
Tony.
--
Tony Rogerson
SQL Server MVP http://sqlserverfaq.com - free video tutorials
"Erland Sommarskog" <es****@sommars kog.se> wrote in message
news:Xn******** **************@ 127.0.0.1... Cecil (ce********@yah oo.com) writes: Does this make sense for a logon table:
CREATE TABLE Logon
(
ID INT NOT NULL IDENTITY PRIMARY KEY,
name VARCHAR(15) NOT NULL,
password VARCHAR(15) NOT NULL
)
GO
CREATE UNIQUE INDEX IX_Logon_Name ON Logon(name)
CREATE INDEX IX_Logon_NameAn dPassword ON Logon(name,pass word)
GO
I do want the name to be unique but also will search frequently on both
name & password. Is this how it should be done? I don't fully
understand the difference between placing a single index in name &
password VS one on both name & password.
I don't see the purpose of the ID column? Why not make the name the
primary
key?
The index on (name, password) does not seem very useful here. Usually an
index on the form (uniquecolumn, othercolumn) is not meaningful, but it
can be sometimes, to achieved so-called covered queries. But as long as
the table does not have lots of other columns, it's difficult to see a
case for it here.
--
Erland Sommarskog, SQL Server MVP, es****@sommarsk og.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
Yeah I think that's a good idea Tony.
That's essentially what I had in mind, perhaps making the ID a
surrogate key does better model what I'm doing w/ it.
Cecil (ce********@yah oo.com) writes: So if I later had an employee say, that needs to login, rather than add
a username,passwo rd to the Employee table I could simply add a LogonID
field to the employee table to link it w/ their identification record
in the Logon table.
Do you think this is a bad idea?
The ID is superfluous when you have a natural key in the username.
Sometimes surrogates keys are called for.
Also I thought it would be faster to always use an int ID as my primary
key instead of a string for searching and joining.
Or it's slower. Say you want to display list which includes the username.
If the username is the foreign key, it's already in the table. With an
ID, you will have to join to the Logins table. And the ID column makes
the table larger, and more space means worse performacne.
The true story, that this is the wrong place to look for performance in,
Whatever you do, it is not likely to have any measurable effect, as I
suspect the volumes will be modest here. Manageability is much more
important, and a username without ID appears more manageable here. The one
case where an ID is nicer, is when a user wants to change his username.
If I were to have a foreign key linking to the logon table I'd have to
stick the whole string as the foreign key instead of just an int. So it
was my plan to make sure each table had an int primary key even if it
was possible to uniquely id a record by an already present column like
username.
That's a bad plan. Surrogates are sometimes called for. For instance,
an Orders table typically as an integer key generated by the system.
But an OrderDetails table should have a two-column key with OrderID
and RowNumber (or ProductId).
--
Erland Sommarskog, SQL Server MVP, es****@sommarsk og.se
Books Online for SQL Server 2005 at http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at http://www.microsoft.com/sql/prodinf...ons/books.mspx
Cecil (ce********@yah oo.com) writes: I agree Windows Auth is the way to go, but this DB is for a website and
as such, Windows Auth is not practical.
I was planning to encrypt the password using .NET before storing it in
the DB.
I'm not sure what the built in encryption / authentication SQL2005 has
other than Windows Auth. Is there another feature?
SQL 2005 has a whole slew of encryption stuff with asymmetric keys,
symmetric keys, certificates and God knows what. And they are not
dependent on how you log in.
Encryption is not my best subject, but you are probably right encrypting
the password already in the app. Sending it in clear text over the wire
is not that good.
--
Erland Sommarskog, SQL Server MVP, es****@sommarsk og.se
Books Online for SQL Server 2005 at http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at http://www.microsoft.com/sql/prodinf...ons/books.mspx This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: sam |
last post by:
HI,
I installed php4 for apached and restart apache afterward. but my little
php script generated error followint error:
PHP Notice: Undefined index: myname in
/usr/local/www/data-dist/www.authtec.com/php-test.php on line 2
I was trying to run the following php script in apache:
<?php
|
by: Phil Latio |
last post by:
I am following a book on PHP and MySQL and have come across the below SQL
statement.
CREATE TABLE users (
user_id MEDIUMINT(8) UNSIGNED NOT NULL AUTO_INCREMENT,
username VARCHAR(20) NOT NULL,
first_name VARCHAR(15) NOT NULL,
last_name VARCHAR(30) NOT NULL,
email VARCHAR(40) NULL,
password VARCHAR(16) NOT NULL,
|
by: John Meyer |
last post by:
index:
<%@ Page Language="VB" ContentType="text/html"
ResponseEncoding="iso-8859-1" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
|
by: abeb |
last post by:
Hi all,
I recently given a task to upgrade a running server (PostgreSQL7.3+Apache2.0+PHP4.2) to a new server with PostgreSQL8.1+Apache2.2+PHP5.1 installed (all Fedora Core 6 packages). All is running well, except the old php scripts. Plz bare with me I'm not a programmer, I've spent a month researching the PHP manual, the net, other forum and still can't exactly point out the porblem.
I have set register_globals on and...
|
by: roamnet |
last post by:
hi
i created database file with .mdf extention ,sql server as a source
and use grid view to display data
there're no problem in data retrieve and display,but i want to edit it
or insert new records
there is an error "Incorrect syntax near '-'.
Must declare the scalar variable "@UserName".
I worked out in design view,code is automatically generated.Iam not
able fix the error.
Iam working with Visual Web Developer-2005 Express Edition
| | |
by: siyaverma |
last post by:
Hi,
I am new to php, i was doing some small chnages in a project developed by my collegue who left the job and i got the responsibility for that,
After doing some changes when i run it on my local server it was working fine but giving some errors those are
Notice: Undefined index: phplogin in C:\Inetpub\wwwroot\sampleft\index.php on line 116
Notice: Undefined variable: username in C:\Inetpub\wwwroot\sampleft\index.php on line 116
...
|
by: cyberlei |
last post by:
hi all,
I`m getting this error
Notice: Undefined index: user in c:\inetpub\wwwroot\login.php on line 96
Notice: Undefined variable: message in c:\inetpub\wwwroot\login.php on line 101
Could someone please tell me where I did wrong? Here is the Code, Thanks a lot
<?php
|
by: anfetienne |
last post by:
i take information from a database and then have the collected values entered into a form with hidden fields.
<input type="hidden" name="tempID" id="tempID" value='<?php print $random_digit;?>'/>
<input type="hidden" name="htmlcss" id="htmlcss" value='<?php print $htmlcss;?>'/>
<input type="hidden" name="header" id="header" value='<?php print $header;?>'/>
<input type="hidden" name="nav" id="nav" value='<?php print...
|
by: anfetienne |
last post by:
i take information from a database and then have the collected values entered into a form with hidden fields.
<input type="hidden" name="returnURL" id="returnURL" value="<?php print $returnURL;?>"/>
<input type="hidden" name="tempID" id="tempID" value='<?php print $random_digit;?>'/>
<input type="hidden" name="htmlcss" id="htmlcss" value='<?php print $htmlcss;?>'/>
<input type="hidden" name="header" id="header"...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
