I am designing a table for the purpose of user authentication. What fields should be included in this table? What is the minimum to be able to track user credentials, track failed login attempts for account locking, actually lock accounts, etc.
+1
A:
userid
password
last login date
create date
password expire date
Is Locked
Status
JD
2009-05-21 00:10:39
I'd prefer to see hash and salt fields in place of the password.
Bill the Lizard
2009-05-21 00:12:13
To what is 'Status' referring?
pc1oad1etter
2009-05-21 01:04:31
I was thinking that you may want to have some sort of policies that should be accepted (i.e. privacy policy) and it would be used to track that information.
JD
2009-05-21 02:06:11
+1
A:
Locking: a simple 'IsLocked' and 'LockTime' on the user will suffice. Each time they try to log on, check the lock, and if it's within X of LockTime, disallow; otherwise set IsLocked to false.
The simplest method for tracking login attempts is to have a LoginAttempt count and LastLoginAttemptTime - when they log in, set LoginAttempt = 0; otherwise, if they fail login, increment by 1 and set LastLoginAttemptTime. If they try again, increment and set the time again.
The credentials you keep depend on the type of system - most are just Username, Password and Email, but a financial system might also use DoB and password reset questions.
Luke Schafer
2009-05-21 00:13:20
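
An added example, not part of either answer: a minimal SQLite table and login check that implements the IsLocked/LockTime and LoginAttempt/LastLoginAttemptTime logic described in the answer above, with salt and hash columns in place of a stored password, as the comment on the first answer suggests. The column names, the threshold of 3 attempts, the 15-minute value for X and the choice of PBKDF2 are assumptions.

```python
import hashlib, hmac, os, sqlite3

MAX_ATTEMPTS = 3     # assumed lock threshold
LOCK_SECONDS = 900   # assumed value of "X" (15 minutes)

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE users (
        username TEXT PRIMARY KEY,
        salt BLOB NOT NULL,                 -- per-user random salt
        pw_hash BLOB NOT NULL,              -- never the password itself
        login_attempt INTEGER NOT NULL DEFAULT 0,
        last_login_attempt_time REAL,
        is_locked INTEGER NOT NULL DEFAULT 0,
        lock_time REAL)""")
    return db

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_user(db, username, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))

def login(db, username, password, now):
    """Return 'ok', 'denied' or 'locked'; `now` is a Unix timestamp."""
    row = db.execute("SELECT salt, pw_hash, login_attempt, is_locked, lock_time"
                     " FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return "denied"
    salt, pw_hash, attempts, is_locked, lock_time = row
    if is_locked:
        if now - lock_time < LOCK_SECONDS:
            return "locked"              # still within X of LockTime
        attempts = 0                     # lock expired: start counting again
    if hmac.compare_digest(hash_password(password, salt), pw_hash):
        attempts, lock, result = 0, False, "ok"
    else:
        attempts += 1
        lock = attempts >= MAX_ATTEMPTS
        result = "locked" if lock else "denied"
    db.execute("UPDATE users SET login_attempt = ?, last_login_attempt_time = ?,"
               " is_locked = ?, lock_time = ? WHERE username = ?",
               (attempts, now, int(lock), now if lock else None, username))
    return result
```

While the lock is active the password is not checked at all, so a correct password is also refused until X has elapsed.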