tags:

views:

1137

answers:

7
+5  Q: 

Database naming conventions

We are deciding the naming convention for tables, columns, procedures, etc. at our development team at work. The singular-plural table naming has already been decided, we are using singular.

We are discussing wether to use a prefix for each table name or not. I would like to read suggestions about using a prefix or not, and why.

Does it provide any security at all? (At least one more obstacle for a possible intruder)

I think it's generally more comfortable to name them with a prefix, in case we are using a table's name in the code, so to not confuse them with variables, attributes, etc. But I would like to read opinions from more experienced developers.

+4  A: 

I prefer prefixing tables and other database objects with a short name of the application or solution.

This helps in two potential situations which spring to mind:

  1. You are less likely to get naming conflicts if you opt to use any third-party framework components which require tables in your application database (e.g. asp net membership provider).

  2. If you are developing solutions for customers, they may be limited to a single database (especially if they are paying for external hosting), requiring them to store the database objects for multiple applications in a single database.

Ian Nelson  2008-11-27 16:32:26
The only caveat about prefixing table names is that some tables may end up being used by multiple applications, in which case, the original prefix becomes misleading. In the worst case, the App1 prefix survives long after App1 itself has gone the way of the dodo.
Jonathan Leffler  2008-11-27 17:47:31
+1  A: 

Look at this post What is your naming convention for stored procedures?

kristof  2008-11-27 16:33:01
+1  A: 

If you use SqlServer the good start would be to look at the sample databases provided for some guidance.

kristof  2008-11-27 16:35:49
A: 

If you're worried about mixing up your table names, employ a hungarian notation style system in your code. Perhaps "s" for string + "tn" for table name:

 stnUsers = 'users';
 stnPosts = 'posts';

Of course, the prefix is up to you, depending on how verbose you like your code... strtblUsers, strtblnmeUsers, thisisthenameofatableyouguysUsers...

Appending a prefix to table names does have some benefits, especially if you don't hardcode that prefix into the system, and allow it to change per installation. For one, you run less risk of conflicts with other components, as Ian said, and secondly, should you wish, you could have two or instances of your program running off the same database.

nickf  2008-11-27 16:36:44
+4  A: 

I don't see how any naming convention can improve security...

If an intruder have access to the database (with harmful permissions), they will certainly have permissions to list table names and select to see what they're used for.

But I think that truly confusing table names might indirectly worsen security. It would make further development hard, thus reducing the chance security issues will be fixed, or it could even hide potential issues:

If a table named (for instance) 'sro235onsg43oij5' is full of randomly named coloumns with random strings and numbers, a new developer might just think it's random test data (unless he touches the code that interact with it), but if it was named 'userpasswords' or similar any developer who looks at the table would perhaps be shocked that the passwords is stored in plaintext.

Stein G. Strindhaug  2008-11-27 16:59:05
+9  A: 

I find hungarian DB object prefixes to indicate their types rather annoying.

I've worked in places where every table name had to start with "tbl". In every case, the naming convention ended up eventually causing much pain when someone needed to make an otherwise minor change.

For example, if your convention is that tables start with "tbl" and views start with "v", thn what's the right thing to do when you decide to replace a table with some other things on the backend and provide a view for compatibility or even as the preferred interface? We ended up having views that started with "tbl".

Dustin  2008-11-27 17:09:37
I find the whole hungarian concept antiquated today anyway. I think it's just leftover from the days where it was harder to organize things and sometimes the name of an object was the only distinguishing mark.
Chris  2008-11-27 18:00:34
A: 

Why not name the tables according to the guidelines you have in place for coding? Consider the table name a "class" and the columns a "property" or "field". This assists when using an ORM that can automatically infer table/column naming from class/member naming.

For instance, Castle ActiveRecord, declared like below assumes the names are the same as the member they are on.

[ActiveRecord]
public class Person
{
    [PrimaryKey]
    public Int32 Id { get; set; }

    [Property]
    public String Name { get; set; }
}
Anthony Mastrean  2009-06-04 21:04:53

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL