Ferreteria/sql/user account

From Woozle Writes Code
Revision as of 14:28, 25 September 2013 by htyp>Woozle (initial design)

About

  • Purpose: tracks site users as a separate concept from customers. A user may or may not be a customer; a customer only becomes a user if they select a login ID. Later, users might also be admins or vendors.
  • History:
    • 2013-09-25 initial design
  • Fields:
    • PassSalt: random data prepended to the password before hashing, so that precomputed lookup attacks do not work if any hashed passwords are revealed (e.g. if the database is stolen)
      • One source advised that the salt should have at least as many bits as the hash result.
      • "Whirlpool" seems to be among the best of the hash algorithms available in PHP. Blowfish or bcrypt would be better, but availability is iffy.

SQL

<mysql>CREATE TABLE `core_users` (
  `ID`          INT            NOT NULL AUTO_INCREMENT,
  `UserName`    VARCHAR(31)    NOT NULL     COMMENT "log in ID",
  `FullName`    VARCHAR(127)   DEFAULT NULL COMMENT "optional 'real' name",
  `PassHash`    VARBINARY(128) NOT NULL     COMMENT "hash of [salt+password]",
  `PassSalt`    VARBINARY(128) NOT NULL     COMMENT "random prefix for hashing password",
  `WhenCreated` DATETIME                    COMMENT "when user was created",
  PRIMARY KEY(`ID`)
) ENGINE = MYISAM;</mysql>
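
How the `PassSalt` and `PassHash` columns could be populated and checked, as an added example that is not part of the original page or of Ferreteria's code. The function names are hypothetical, and it assumes PHP 7+ (for `random_bytes`) and a 64-byte salt chosen to match Whirlpool's 512-bit output.

```php
<?php
// Added example: function names are hypothetical, not Ferreteria code.

// Whirlpool produces a 512-bit (64-byte) digest; the salt is sized to match,
// following the "at least as many bits as the hash result" advice above.
const SALT_BYTES = 64;

/** Build the PassSalt / PassHash values for a new core_users row. */
function make_credentials(string $password): array
{
    $salt = random_bytes(SALT_BYTES);                    // CSPRNG (PHP 7+)
    $hash = hash('whirlpool', $salt . $password, true);  // salt is prepended; raw binary digest
    return ['PassSalt' => $salt, 'PassHash' => $hash];
}

/** Check a login attempt against the salt and hash stored for that user. */
function check_password(string $attempt, string $salt, string $storedHash): bool
{
    $candidate = hash('whirlpool', $salt . $attempt, true);
    return hash_equals($storedHash, $candidate);         // constant-time comparison
}

// Constructed sample input: two users who happen to pick the same password.
$password = 'correct horse battery staple';
$userA = make_credentials($password);
$userB = make_credentials($password);

// Both values are raw binary and must fit the VARBINARY(128) columns.
printf("salt bytes: %d, hash bytes: %d\n",
    strlen($userA['PassSalt']), strlen($userA['PassHash']));

// Per-user salts mean identical passwords do not share a stored hash,
// which is what defeats a precomputed lookup table.
printf("same stored hash for both users: %s\n",
    var_export($userA['PassHash'] === $userB['PassHash'], true));

// Verification needs the salt stored in the same row as the hash.
printf("right password, own salt: %s\n",
    var_export(check_password($password, $userA['PassSalt'], $userA['PassHash']), true));
printf("wrong password, own salt: %s\n",
    var_export(check_password('wrong guess', $userA['PassSalt'], $userA['PassHash']), true));
printf("right password, other user's salt: %s\n",
    var_export(check_password($password, $userB['PassSalt'], $userA['PassHash']), true));
```

A single pass of a fast hash such as Whirlpool stops precomputed lookups but does not slow down guessing against one salted hash; where PHP's `password_hash()` (PHP 5.5+) is available, it provides bcrypt with its own per-password salt.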