[nycphp-talk] The user table
Paul A Houle
paul at devonianfarm.com
Fri Mar 4 15:15:06 EST 2011
On 3/4/2011 2:30 PM, Gary Mort wrote:
>
> Oh, and get rid of that password as well. It doesn't need to be in
> that table and because it is assumed to be there, I have to do some
> really hackish things when one wants to authenticate in some other way.
>
I've kept the password in a separate table for a long time. This
makes it easy to send somebody (like a developer) a copy of the database
with the password redacted.
In the latest system I've built I have a 'credential' table that
can represent credentials of different kinds. This can be a password
for local login or it can be whatever information is needed to validate
someone as a Facebook Connect, Twitter or OpenId user. Users can have
multiple credentials. I think that user-facing web sites in 2011 and
beyond are going to want to have the option of federated login.
> Keep an aka table and timestamp it. Everytime a username is set, mark
> it in the aka table with a start time and a null end time. Get in the
> habit of checking the also known's when checking user data. Oh, and
> to make things not take forever, when a user updates their username,
> set their new name immediately and fire off a queue process to check
> through the database and clean up existing data.
>
I think you should always use the internal id in anything that
appears in the database, although you might show the username in the UI
at times. If changing the username involves anything other than
changing one column in the table, there's malpractice going on. (Like
the hard-coded URLs in Wordpress)
>
> Lastly, in there is one problem with getting rid of userid's. When a
> dumb American is trying to troubleshoot a user problem, sometimes it
> is very difficult over the phone to get correct spelling. But that
> is easily handled by the aka table. Assign everyone an identifier in
> that table for those times when you need something short and easy.
> Just make sure if you do that to make it something easily communicated
> over the phone.
My eight year old has a lisp, so I've trained him in the
international phonetic code (Alfa, Bravo, Charlie, ...) People always
understand what you're saying, and if you're speaking and can't
remember the word you can ad-lib it.
More information about the talk
mailing list