ansaurus

Question

How to implement this logic in database?

Answer 1

A:

Whether or not the private data is segregated into a separate table does not solve the issue of how to prevent unauthorized access. The MySQL 5.1 manual section 5.4.5 discusses request verification/privileges, but if your database is hidden behind a web application with no direct access to your tables, then standard web server security alone might be sufficient. You should probably mention the entire os/server/db/language bundle you're using (LAMP, SAMP, whatever) so someone can suggest the best security scheme for your configuration.

joe snyder 2010-07-06 04:14:26

really@@? I am using MySQL.

Tattat 2010-07-06 04:18:44

Answer 2

A:

If I understand this correctly, you could simply put all this information in two tables (user and friends) because as far as I know, it is a lot more efficient to get larger chunks of data with few queries, than smaller chunks of data with many queries. You would have something like this:

Users:
id
name
name_perm // 1, 2 or 3
email
email_perm // 1, 2 or 3
phone
phone_perm // 1, 2 or 3
password // Doesn't need permissions, always 1

Friends:
user_id
friend_id

When a user visits another user's page, first you check the permission level for each field. If level 2 is found, you would then query the friends table and check if current user ID is a friend of the user whose page is being viewed. If found, user is trusted and level 2 security info can be displayed. As for level 1 security, it's really simple - only display this info if both IDs match.

Hope this helps.

FreekOne 2010-07-06 04:21:33

I gathered from the question that the problem is allowing users to customize the security levels of different items, and where to store that information.

Anon. 2010-07-06 04:24:12

Oopsie, you're right. I have corrected my answer to reflect that request. Thanks for pointing it out.

FreekOne 2010-07-06 04:31:58

CSV-ing friends would be plain wrong - friends is the only field that really would require another table, so you can write joins and get their securitylevels...

Konerak 2010-07-06 04:36:21

This fails normalization horribly :(

Polaris878 2010-07-06 04:37:23

Konerak, I know what you means... If the friends become a firendId, which is a FK of "friends" table's id. How can I store many friends in a field?

Tattat 2010-07-06 04:51:23

I never really worked on projects with large enough databases that normalization would become a problem so I forgot to take that into account. Of course, that doesn't make your points any less valid. I suppose if you're Tom on MySpace, the friends list really would become a problem.

FreekOne 2010-07-06 04:57:08

I have updated my answer to reflect a separate table for friends as Konerak suggested.

FreekOne 2010-07-06 05:08:01

-1. This approach a pretty flawed. See Konerak and joe snyder's answers. This should be handled on the front-end.

wtfsven 2010-07-06 07:50:41

wtfsven - What do you mean on the front-end ?! And how exactly is my solution different than what both joe snyder and Konerak said, except the friends table which is needed to hold permissions (as Konerak himself pointed out) ? Please feel free to enlighten us and post your approach.

FreekOne 2010-07-06 09:58:18

wtfsven, I am also interested in your solution.

Tattat 2010-07-08 09:12:40

Answer 3

+1 A:

You don't need different tables for this, because each relation is a 1-1 relation.

Should a user have, say, multiple e-mail adresses, then you indeed should put the email and securitylevels in different tables. But because in this case, each user has exactly 1 email, 1 name, 1 phone, 1 password - just one table with 1 row per user should do.

Konerak 2010-07-06 04:34:55

ansaurus

tags:

views:

answers:

How to implement this logic in database?

related questions