Posted by David Portas on 12/28/05 17:12
Cecil wrote:
> >>I don't see the purpose of the ID column? Why not make the name the primary
> >>key?
>
> I was thinking of doing that, but I intend for the Logon table to be
> like an ID card. Only for efficient identification. I wanted to reuse
> this table design in multiple projects that would require
> authentication.
>
Name would still be unique though wouldn't it? So it should still have
a unique constraint on name.
Storing passwords in the database is an inherent security flaw. Don't
store them, encrypted or otherwise. If you must, store a secure hash of
the password. If you are using SQL Server 2005 then use the built in
encryption / authentication. Where possible, use integrated security
rather than invent your own.
--
David Portas
SQL Server MVP
--
[Back to original message]
|