[thelist] Where to Store Username and Password in SQL Tables

rudy r937 at interlog.com
Tue Jan 28 08:16:03 CST 2003


> 1) When the Manufacturer signs up, I just collect the data that goes
> into the User table.

how do you collect this?  paper form?  fax?  phone?  web form?

who submits it?  you?  superuser?  sysadmin?  any joe user?

my suggestion:  you want one web form to "add a user" and this function
should make no distinction between what kind of a user it is, so this
function can be used by everybody

then you want a different function that associates a particular existing
user to a particular manufacturer, and this separate function should be
restricted to those with the appropriate permission

i don't know your app, but i wouldn't want just any joe user to have the
ability to associate his userid with some arbitrary manufacturer and then
start messing around with that manufacturer's data

however, my recommended two-stpe process is not as complicated as it might
seem

i would design it so that if fred is already a user for the xyz company,
fred has the ability to relate any other existing user to xyz company

as for portability, do everything with your own data tables, not some
"permissions" feature of the database vendor

in terms of the database design, all you need is a foreign key in the user
table that points to the manufacturer table (many-to-one design, many users
to one manufacturer)

unless, of course, you want a given user to be able to control multiple
manufacturers, in which case you should go for the separate many-to-many
relationship table

rudy




More information about the thelist mailing list