Is there a standard implementation of a Users Database?
I need to implement basic personalized user functionality for my website. Is there a standard structure for databases of this type? Like is it common practice to have all user info and data in a single table with each user having his own row, or should this info be split among different tables and linked together (maybe for efficiency?) I'm not tremendously concerned with security at this point, but I'll obviously want to have password encryption before too long.
I tried to find what I was looking for on google, but to no avail. Just let me know if the question needs further clarification or anything.
database-design
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
add a comment |
I need to implement basic personalized user functionality for my website. Is there a standard structure for databases of this type? Like is it common practice to have all user info and data in a single table with each user having his own row, or should this info be split among different tables and linked together (maybe for efficiency?) I'm not tremendously concerned with security at this point, but I'll obviously want to have password encryption before too long.
I tried to find what I was looking for on google, but to no avail. Just let me know if the question needs further clarification or anything.
database-design
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
add a comment |
I need to implement basic personalized user functionality for my website. Is there a standard structure for databases of this type? Like is it common practice to have all user info and data in a single table with each user having his own row, or should this info be split among different tables and linked together (maybe for efficiency?) I'm not tremendously concerned with security at this point, but I'll obviously want to have password encryption before too long.
I tried to find what I was looking for on google, but to no avail. Just let me know if the question needs further clarification or anything.
database-design
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
I need to implement basic personalized user functionality for my website. Is there a standard structure for databases of this type? Like is it common practice to have all user info and data in a single table with each user having his own row, or should this info be split among different tables and linked together (maybe for efficiency?) I'm not tremendously concerned with security at this point, but I'll obviously want to have password encryption before too long.
I tried to find what I was looking for on google, but to no avail. Just let me know if the question needs further clarification or anything.
database-design
database-design
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
asked Jun 27 '11 at 18:32
cfrederichcfrederich
195227
195227
add a comment |
add a comment |
5 Answers
5
active
oldest
votes
I suggest that you use typical normalization standards. One user per row.
- User ID (incrementing bigint)
- User Common Name (to be displayed on
the site) - User Email Address
- Password Salt (Unique for every user, inserted when the account is created)
- Password (Hashed with the salt - MD5 or SHA1, your preference)
- Date Account Was Created
The rest is up to you given your business rules.
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
7
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
4
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
2
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
add a comment |
Going to have to go for a big old fashion "it depends".
Of course you are going to need some sort of key on this table. You could start off with a UserID. This could just be a incrementing INT (or bigint if you are going to have over 2.1 million users).
I've seen lots of databases also use GUIDs as the main UserID. But that's opening a whole different can of worms using GUIDs for PKs.
You then need to decide how normalized you want your database. Are you going to allow your user to have multiple emails? multiple phone numbers? If so, they should be in a different table.
I'd keep the main user table to:
- some sort of ID or PK you can use
- First Name/Last Name or just a username
- some sort of status of the user (active, disabled, etc) - (tinyint linking to a status table)
- created date
That should be your starting point.
From there you could add other columns based on what you want to store. Email could link to an email table, address to an address table, etc. Password could use hash+salt but have you considered openids?
I HIGHLY recommend you read this article though - http://www.sqlservercentral.com/articles/data-modeling/71725/
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
add a comment |
Check out this answer where the poster goes through each field and discusses what you might want to do with the field. This can help you work out if you need to have tables linked for flexibility for business requirements, or reporting.
Best practices on common person fields (Name, email, address, gender etc...)
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 22 '11 at 8:47
LeahLeah
111127
add a comment |
If it is about authentication of users, I would use LDAP. Do not create a separate database for the users, if you already use a database and have other tables (orders, products, etc). You may want to join these tables.
add a comment |
We can add last login date, maximum number of login attempts, and active status
answered 5 mins ago
user172288user172288
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f3519%2fis-there-a-standard-implementation-of-a-users-database%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
I suggest that you use typical normalization standards. One user per row.
- User ID (incrementing bigint)
- User Common Name (to be displayed on
the site) - User Email Address
- Password Salt (Unique for every user, inserted when the account is created)
- Password (Hashed with the salt - MD5 or SHA1, your preference)
- Date Account Was Created
The rest is up to you given your business rules.
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
7
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
4
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
2
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
add a comment |
I suggest that you use typical normalization standards. One user per row.
- User ID (incrementing bigint)
- User Common Name (to be displayed on
the site) - User Email Address
- Password Salt (Unique for every user, inserted when the account is created)
- Password (Hashed with the salt - MD5 or SHA1, your preference)
- Date Account Was Created
The rest is up to you given your business rules.
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
7
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
4
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
2
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
add a comment |
I suggest that you use typical normalization standards. One user per row.
- User ID (incrementing bigint)
- User Common Name (to be displayed on
the site) - User Email Address
- Password Salt (Unique for every user, inserted when the account is created)
- Password (Hashed with the salt - MD5 or SHA1, your preference)
- Date Account Was Created
The rest is up to you given your business rules.
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
I suggest that you use typical normalization standards. One user per row.
- User ID (incrementing bigint)
- User Common Name (to be displayed on
the site) - User Email Address
- Password Salt (Unique for every user, inserted when the account is created)
- Password (Hashed with the salt - MD5 or SHA1, your preference)
- Date Account Was Created
The rest is up to you given your business rules.
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
answered Jun 27 '11 at 19:04
Josh BondJosh Bond
47939
47939
7
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
4
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
2
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
add a comment |
7
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
4
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
2
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
7
7
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
bigint? I understand building to scale but is this website going to have over 2.1 million users?
– SqlSandwiches
Jun 28 '11 at 20:25
4
4
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
With respect to hashing MD5 and SHA1 are pretty worthless given the amount of processing power available now, I would recommend using bcrypt instead.
– BenM
Aug 8 '11 at 21:01
2
2
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
BenM - That's why I recommend a unique salt for each user. Someone who wants the password would need to built a rainbow table in both MD5 and SHA1 for each salt and crack one user at a time. Sure, it can be done, but it will be very time consuming.
– Josh Bond
Aug 10 '11 at 17:00
add a comment |
Going to have to go for a big old fashion "it depends".
Of course you are going to need some sort of key on this table. You could start off with a UserID. This could just be a incrementing INT (or bigint if you are going to have over 2.1 million users).
I've seen lots of databases also use GUIDs as the main UserID. But that's opening a whole different can of worms using GUIDs for PKs.
You then need to decide how normalized you want your database. Are you going to allow your user to have multiple emails? multiple phone numbers? If so, they should be in a different table.
I'd keep the main user table to:
- some sort of ID or PK you can use
- First Name/Last Name or just a username
- some sort of status of the user (active, disabled, etc) - (tinyint linking to a status table)
- created date
That should be your starting point.
From there you could add other columns based on what you want to store. Email could link to an email table, address to an address table, etc. Password could use hash+salt but have you considered openids?
I HIGHLY recommend you read this article though - http://www.sqlservercentral.com/articles/data-modeling/71725/
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
add a comment |
Going to have to go for a big old fashion "it depends".
Of course you are going to need some sort of key on this table. You could start off with a UserID. This could just be a incrementing INT (or bigint if you are going to have over 2.1 million users).
I've seen lots of databases also use GUIDs as the main UserID. But that's opening a whole different can of worms using GUIDs for PKs.
You then need to decide how normalized you want your database. Are you going to allow your user to have multiple emails? multiple phone numbers? If so, they should be in a different table.
I'd keep the main user table to:
- some sort of ID or PK you can use
- First Name/Last Name or just a username
- some sort of status of the user (active, disabled, etc) - (tinyint linking to a status table)
- created date
That should be your starting point.
From there you could add other columns based on what you want to store. Email could link to an email table, address to an address table, etc. Password could use hash+salt but have you considered openids?
I HIGHLY recommend you read this article though - http://www.sqlservercentral.com/articles/data-modeling/71725/
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
add a comment |
Going to have to go for a big old fashion "it depends".
Of course you are going to need some sort of key on this table. You could start off with a UserID. This could just be a incrementing INT (or bigint if you are going to have over 2.1 million users).
I've seen lots of databases also use GUIDs as the main UserID. But that's opening a whole different can of worms using GUIDs for PKs.
You then need to decide how normalized you want your database. Are you going to allow your user to have multiple emails? multiple phone numbers? If so, they should be in a different table.
I'd keep the main user table to:
- some sort of ID or PK you can use
- First Name/Last Name or just a username
- some sort of status of the user (active, disabled, etc) - (tinyint linking to a status table)
- created date
That should be your starting point.
From there you could add other columns based on what you want to store. Email could link to an email table, address to an address table, etc. Password could use hash+salt but have you considered openids?
I HIGHLY recommend you read this article though - http://www.sqlservercentral.com/articles/data-modeling/71725/
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
Going to have to go for a big old fashion "it depends".
Of course you are going to need some sort of key on this table. You could start off with a UserID. This could just be a incrementing INT (or bigint if you are going to have over 2.1 million users).
I've seen lots of databases also use GUIDs as the main UserID. But that's opening a whole different can of worms using GUIDs for PKs.
You then need to decide how normalized you want your database. Are you going to allow your user to have multiple emails? multiple phone numbers? If so, they should be in a different table.
I'd keep the main user table to:
- some sort of ID or PK you can use
- First Name/Last Name or just a username
- some sort of status of the user (active, disabled, etc) - (tinyint linking to a status table)
- created date
That should be your starting point.
From there you could add other columns based on what you want to store. Email could link to an email table, address to an address table, etc. Password could use hash+salt but have you considered openids?
I HIGHLY recommend you read this article though - http://www.sqlservercentral.com/articles/data-modeling/71725/
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
answered Jun 28 '11 at 20:43
SqlSandwichesSqlSandwiches
1,24511320
1,24511320
add a comment |
add a comment |
Check out this answer where the poster goes through each field and discusses what you might want to do with the field. This can help you work out if you need to have tables linked for flexibility for business requirements, or reporting.
Best practices on common person fields (Name, email, address, gender etc...)
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 22 '11 at 8:47
LeahLeah
111127
add a comment |
Check out this answer where the poster goes through each field and discusses what you might want to do with the field. This can help you work out if you need to have tables linked for flexibility for business requirements, or reporting.
Best practices on common person fields (Name, email, address, gender etc...)
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 22 '11 at 8:47
LeahLeah
111127
add a comment |
Check out this answer where the poster goes through each field and discusses what you might want to do with the field. This can help you work out if you need to have tables linked for flexibility for business requirements, or reporting.
Best practices on common person fields (Name, email, address, gender etc...)
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 22 '11 at 8:47
LeahLeah
111127
Check out this answer where the poster goes through each field and discusses what you might want to do with the field. This can help you work out if you need to have tables linked for flexibility for business requirements, or reporting.
Best practices on common person fields (Name, email, address, gender etc...)
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 22 '11 at 8:47
LeahLeah
111127
edited Apr 13 '17 at 12:42
Community♦
1
edited Apr 13 '17 at 12:42
Community♦
1
edited Apr 13 '17 at 12:42
Community♦
1
1
answered Jul 22 '11 at 8:47
LeahLeah
111127
answered Jul 22 '11 at 8:47
LeahLeah
111127
answered Jul 22 '11 at 8:47
LeahLeah
111127
111127
add a comment |
add a comment |
If it is about authentication of users, I would use LDAP. Do not create a separate database for the users, if you already use a database and have other tables (orders, products, etc). You may want to join these tables.
add a comment |
If it is about authentication of users, I would use LDAP. Do not create a separate database for the users, if you already use a database and have other tables (orders, products, etc). You may want to join these tables.
add a comment |
If it is about authentication of users, I would use LDAP. Do not create a separate database for the users, if you already use a database and have other tables (orders, products, etc). You may want to join these tables.
If it is about authentication of users, I would use LDAP. Do not create a separate database for the users, if you already use a database and have other tables (orders, products, etc). You may want to join these tables.
answered Dec 18 '17 at 0:50
user140142
add a comment |
add a comment |
We can add last login date, maximum number of login attempts, and active status
answered 5 mins ago
user172288user172288
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
We can add last login date, maximum number of login attempts, and active status
answered 5 mins ago
user172288user172288
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
We can add last login date, maximum number of login attempts, and active status
answered 5 mins ago
user172288user172288
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
We can add last login date, maximum number of login attempts, and active status
answered 5 mins ago
user172288user172288
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 5 mins ago
user172288user172288
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 5 mins ago
user172288user172288
1
answered 5 mins ago
user172288user172288
1
1
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
user172288 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f3519%2fis-there-a-standard-implementation-of-a-users-database%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
