I'm building a website for a small store and I was told that its better not to keep the login and the rest of the users information in the same table.
Now im wondering, what is the best way to implement this website's database?
Some of the database tables are:
- Customers
- Providers
- Products
- Etc..
I need to have different users, after someone is logged in the site, depending on their rights they can do a series of things:
- If they are a customer they can order stuff
- If they are employees they can order stuff, manage stock, add customers, etc
- If they are the owner or administrator they can add employees and everything else.
Should I keep the login and the rest of the information of the user in the same table?
Best Answer
There is no security reason to separate the login information from the rest of the user information. It doesn't make your site safer in any meaningful way, so you should just organize the tables by what is most logical.
The real security issue in this domain is that you should not be storing plain text passwords. Only store a salted hash of the password.
That being said, it probably makes logical sense to separate the user information into a few tables, because you have different users with different roles. Have a user table with all the common information, then customer, employee, etc.