Home Forums SQL Server 2008 SQL Server 2008 - General SQL Security Best Practices - Dealing With User Name Changes RE: SQL Security Best Practices - Dealing With User Name Changes

  • January 14, 2013 at 3:30 pm

    #1577101

    ScottPletcher (1/13/2013)

    The person's login id is often some combination of last name and first name, so you need to change the name there.

    However, internally you should assign each person/user a unique id, and use that id in all tables that are not extremely short term (data is used for less than one day then discarded).

    IOW, "mary.jones" may be part of the person's login, but should not be stored in internal tables such as usage history, etc.. Instead "mary.jones" would be, say, id#1875431, and that id would be used in all internal and permanent tables. Looking up id#1875431 yields the name "mary jones" ... until she changes her name, when it yields some other name, but the name change does not require any changes to any historical table data.

    The tables within the DB the application uses to store user info does assign unique numeric value to each user. The name consisting of first & last is for front end uses/purpose.

    Kindest Regards,

    Just say No to Facebook!