This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin in Action and have Dmitry Jemerov & Svetlana Isakova on-line!
See this thread for details.
Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

user authentication  RSS feed

 
Yosi Hendarsjah
Ranch Hand
Posts: 166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a user table that contains three columns: username, password, and fullname. The fullname will be used to greet the user. The password is hashed before put in the table. Which one is the better way:

Method 1:
The query is
If the query doesn't return a row it means the username given is wrong.
If it does, then we compare the password we get from the database with the one given by user.

OR

Method 2:
The query is
If the query doesn't return a row it means either the username or the password are wrong.

?
[ May 16, 2005: Message edited by: Yosi Hendarsjah ]
 
Amarender Reddy
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yosi!

even though either of them will work, the second seems to be more effective as the username-pw combination needs to be matched

cheers
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37227
519
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yosi,
I agree that option 2 is better. There is less network traffic.

Even better is to use a PreparedStatement so the sql is only compiled once.
 
Yosi Hendarsjah
Ranch Hand
Posts: 166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Amarender and Jeanne!
Your opinion is the same as I thought. I even use the PreparedStatement.

yosi
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!