
user authentication

 
Yosi Hendarsjah
Ranch Hand
Posts: 166
I have a user table that contains three columns: username, password, and fullname. The fullname will be used to greet the user. The password is hashed before being put in the table. Which one is the better way:

Method 1:
The query is
If the query doesn't return a row it means the username given is wrong.
If it does, then we compare the password we get from the database with the one given by user.

OR

Method 2:
The query is
If the query doesn't return a row it means either the username or the password is wrong.

?
[ May 16, 2005: Message edited by: Yosi Hendarsjah ]
 
Amarender Reddy
Ranch Hand
Posts: 54
Yosi!

Even though either of them will work, the second seems to be more effective, as the username-pw combination needs to be matched.

Cheers
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
Yosi,
I agree that option 2 is better. There is less network traffic.

Even better is to use a PreparedStatement so the SQL is only compiled once.
 
Yosi Hendarsjah
Ranch Hand
Posts: 166
Thanks Amarender and Jeanne!
Your opinion is the same as what I thought. I even use the PreparedStatement.

yosi
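
Added example (not code from any poster in this thread): Method 1 written with a PreparedStatement, for the case where the stored hash is salted per user, so it cannot be matched in a WHERE clause as Method 2 requires and has to be recomputed and compared in the application. Assumptions: the table name `users`, the class and method names, and a `password` column holding `iterations:base64(salt):base64(hash)` produced with PBKDF2-HMAC-SHA256; the thread names only the three columns.

```java
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class LoginCheck {
    // Assumption: the table is called "users" and fullname is NOT NULL.
    private static final String SQL =
        "SELECT password, fullname FROM users WHERE username = ?";

    /** Returns the fullname for the greeting, or empty on any login failure. */
    public static Optional<String> authenticate(Connection con, String username,
                                                char[] password) throws Exception {
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, username); // bound parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return Optional.empty(); // same result as a wrong password
                }
                String fullname = rs.getString("fullname");
                return verify(password, rs.getString("password"))
                        ? Optional.of(fullname) : Optional.empty();
            }
        }
    }

    // Assumed storage format: "iterations:base64(salt):base64(hash)".
    static boolean verify(char[] password, String stored) throws Exception {
        if (stored == null) return false;
        String[] parts = stored.split(":");
        if (parts.length != 3) return false;
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, expected.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            spec.clearPassword();
            return MessageDigest.isEqual(expected, actual); // constant-time compare
        } catch (IllegalArgumentException malformed) {
            return false; // unparsable stored value: treat as a failed login
        }
    }
}
```

The caller shows one generic "invalid username or password" message for an empty result, so the response does not reveal which of the two was wrong.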
 