Do the names of HTML input affect the security of the database?

Imagine the names of the columns in my database table as follows:

id | username | password | email | confirmed

All attribute name values are equal to the columns of their name table:

<input type="text" name="username">
<input type="password" name="password">
<input type="email" name="email">

Does this type of naming affect database/data security?



That said, it can certainly increase the chances of a bot trying to guess usernames and passwords against your site. Not a data security threat itself, but an automated attack vector.

1 Like

Do you mean via sql injection?

No, I mean by someone creating a bot that spiders across the internet and says “Go to Website 1, check for the existence of a ‘username’ field. If found, attack this website, otherwise, go to website 2.”

If I named my username field “flowerofroses”, increased chance that my site gets ignored.

Same theory as to why using “password1234” as a password is a really bad idea.

1 Like

So your opinion is not to use the field of the same name?
But open source projects such as cms or frameworks like WordPress all have public tables. Everyone knows the names of its database fields, except for certain people who have changed the names of tables and columns or added prefixes.

last question:
You gave an example of a bot above.
But I only have the sql injection method in mind to attack. Does the robot have another scenario to attack the database?

I apologize in advance for prolonging the question.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.