List: General Discussion
From: Christian Mack
Date: September 8 1999 5:32pm
Subject: Re: Speed & Security in Database Design
Lauren Daniel Stegman wrote:
> I have a database where users only have access to certain records.
> A table called ACCESS_CONTROL is used to record which records a given userid
> is allowed to access.
> To impede unauthorized "snooping", all userids are 32 character randomized
> strings.  Since the ACCESS_CONTROL table needs to be checked for every query
> to determine record access rights, is this design going to get really slow
> as the database gets big?
> I wonder if it would be better to have an auto-incremented unique integer
> identifier for each user.  This would be the key in the AUTH_USER table
> (which stores all user information) and a foreign key in the ACCESS_CONTROL
> table.  Then an extra query or join would check if the randomized 32
> character userid (saved in the AUTH_USER table) matches the login id?
> Suggestions would be greatly appreciated.
> Lauren

Hi Lauren

Your second design seems better to me.
It should be faster too, because you check integers, not strings.
Another optimisation could be to grab the user id only once, and then reuse it in
multiple SELECTs.
Obviously this depends on your client side.


PS: Sorry for the late answer, I was really busy.
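
The second design discussed in this thread, as an added example that is not part of the original messages: the 32-character random id is resolved to the integer key once, and every later SELECT joins ACCESS_CONTROL on that integer. SQLite through Python's `sqlite3` stands in for the poster's database so the block runs offline; the RECORDS table, the `login_token` column and all function names are assumptions.

```python
import secrets
import sqlite3

# Hypothetical schema: only AUTH_USER and ACCESS_CONTROL are named in the thread.
SCHEMA = """
CREATE TABLE AUTH_USER (
    user_id     INTEGER PRIMARY KEY AUTOINCREMENT,  -- compact integer key
    login_token TEXT NOT NULL UNIQUE                -- 32-char random id (UNIQUE adds an index)
);
CREATE TABLE RECORDS (record_id INTEGER PRIMARY KEY, body TEXT NOT NULL);
CREATE TABLE ACCESS_CONTROL (
    user_id   INTEGER NOT NULL REFERENCES AUTH_USER(user_id),
    record_id INTEGER NOT NULL REFERENCES RECORDS(record_id),
    PRIMARY KEY (user_id, record_id)                -- integer index used by the join
);
"""

def new_user(db):
    """Create a user; return (integer key, 32-character random token)."""
    token = secrets.token_hex(16)  # 16 random bytes -> 32 hex characters
    cur = db.execute("INSERT INTO AUTH_USER (login_token) VALUES (?)", (token,))
    return cur.lastrowid, token

def resolve_user(db, token):
    """String comparison happens here only, once per session; None if unknown."""
    row = db.execute(
        "SELECT user_id FROM AUTH_USER WHERE login_token = ?", (token,)).fetchone()
    return row[0] if row else None

def visible_records(db, user_id, record_id=None):
    """Rows the user may read; the access check is part of every query."""
    sql = ("SELECT r.record_id, r.body FROM RECORDS r "
           "JOIN ACCESS_CONTROL a ON a.record_id = r.record_id WHERE a.user_id = ?")
    args = [user_id]
    if record_id is not None:          # single-record fetch, same access join
        sql += " AND r.record_id = ?"
        args.append(record_id)
    return db.execute(sql + " ORDER BY r.record_id", args).fetchall()

def demo_db():
    """Constructed sample data: two users, three records."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO RECORDS VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    (alice, alice_tok), (bob, bob_tok) = new_user(db), new_user(db)
    db.executemany("INSERT INTO ACCESS_CONTROL VALUES (?, ?)",
                   [(alice, 1), (alice, 2), (bob, 3)])
    return db, alice_tok, bob_tok
```

A record with no matching ACCESS_CONTROL row simply does not appear in the result, so a denied record and a nonexistent one look the same to the caller.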

Thread:
  • Speed & Security in Database Design (Lauren Daniel Stegman, 19 Aug)
  • Re: Speed & Security in Database Design (Christian Mack, 8 Sep)