I am trying to finish my website soon. I’ve been thinking about security and i’ve noticed that alot of websites fail to notify users of possible security breeches at various levels. For example, i use “desktop” background photos which can be changed by the user. Today i was thinking that each photo should receive a random name (random_bytes(8)). Imagine the account was hijacked and the suspect changed the background, then reset the original background to cover tracks. It wouldn’t work because the name of the background will be different, thus the account holder will know something is screwy.
my point is that i wonder how i should store this data. For example, Google Mail has the last twenty login datetime stamps for an account. I assume that this is stored in a database. I am not a database designer, so i am unsure how to correctly build a database to store all of my user data.
i resist the idea that one should have all of the data in the same table. For one thing a login would be ridiculously lengthy if the table has 20+ columns. I do not think that a table should have so many columns but i don’t know how to link multiple tables with a join.
i would like to use a last login archive table, a bookmarks table and a background photo names table (with possibly more based upon security ideas that i may have in the future.)
so far, i understand that a database should be ‘relational’ for this concept. So table 1, table 2, table 3, table 4 should be related somehow. Is this relation best accomplished by a common column other than an auto-increment id?
i’m not asking for code but a general tip as to how this works in relation to what i am trying to accomplish.