MySQL
greenTransistor, 2017-06-15 18:35:43

Should authorization data (salt, password hash) and user account data be separated into different MySQL tables?

Usually in my small projects I make separate tables, which has the following advantages:
- you can separate access to this data and protect the salt and hash from being stolen by SQL injection, since in scenarios other than login and registration access to them is not needed, and the database user used by default need not be given access to them;
- it is possible to create system / auxiliary users, from which it is impossible to log in;
- slightly faster performance in typical scenarios.
But in the big projects I've seen, there was usually a single table, and besides, splitting data with a one-to-one relationship into different tables is not considered good practice. I see the following advantages of one table:
- it is easier to maintain data consistency;
- less redundancy and, as a result, less space occupied.
There is hardly a universal answer, so in which cases is it better to have one table, and in which two? What other advantages and disadvantages are there in both database schemas?
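
The access separation described in the first advantage above, written out as MySQL DDL and grants. This is an added example, not part of the original question; the database, table and account names and the placeholder passwords are hypothetical.

```sql
-- Added example; every name below is hypothetical.
CREATE DATABASE IF NOT EXISTS app;

-- Account data: needed by most application code.
CREATE TABLE app.users (
    id         INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    login      VARCHAR(64)  NOT NULL UNIQUE,
    email      VARCHAR(255) NOT NULL,
    created_at TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB;

-- Authorization data: one-to-one with users. A user with no row here is a
-- system/auxiliary account that cannot be logged in to.
CREATE TABLE app.user_credentials (
    user_id       INT UNSIGNED   PRIMARY KEY,
    salt          VARBINARY(32)  NOT NULL,
    password_hash VARBINARY(255) NOT NULL,
    CONSTRAINT fk_cred_user FOREIGN KEY (user_id)
        REFERENCES app.users (id) ON DELETE CASCADE
) ENGINE=InnoDB;

-- Default application account: no privileges at all on user_credentials.
CREATE USER 'app_web'@'localhost' IDENTIFIED BY 'REPLACE_ME_1';
GRANT SELECT, INSERT, UPDATE ON app.users TO 'app_web'@'localhost';

-- Account used only by the login and registration code paths.
CREATE USER 'app_auth'@'localhost' IDENTIFIED BY 'REPLACE_ME_2';
GRANT SELECT, INSERT ON app.users TO 'app_auth'@'localhost';
GRANT SELECT, INSERT, UPDATE ON app.user_credentials TO 'app_auth'@'localhost';

-- Verify what each account can actually reach.
SHOW GRANTS FOR 'app_web'@'localhost';
SHOW GRANTS FOR 'app_auth'@'localhost';

-- Run on an app_web connection, this is rejected by the server with
-- ERROR 1142 (SELECT command denied), whatever query text reaches it:
--   SELECT password_hash FROM app.user_credentials;

-- Single-table variant: MySQL column-level privileges give the default
-- account the same restriction without a second table, e.g.
--   GRANT SELECT (id, login, email) ON app.users TO 'app_web'@'localhost';
```

The restriction is enforced per connection, so it only covers queries issued through the `app_web` account; any statement running on the `app_auth` connection can still read the salt and hash.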


1 answer(s)
Alexander Aksentiev, 2017-06-15
@Sanasol

Probably never seen such an option.
I don't see the point at all in this.
The hacker will not think to look for the password and will not even notice that it is not in the hacked data?)
Or does the injection not magically spread to the rest of the tables?)
