That said, it can certainly increase the chances of a bot trying to guess usernames and passwords against your site. Not a data security threat itself, but an automated attack vector.
No, I mean by someone creating a bot that spiders across the internet and says âGo to Website 1, check for the existence of a âusernameâ field. If found, attack this website, otherwise, go to website 2.â
If I named my username field âflowerofrosesâ, increased chance that my site gets ignored.
Same theory as to why using âpassword1234â as a password is a really bad idea.
So your opinion is not to use the field of the same name?
But open source projects such as cms or frameworks like WordPress all have public tables. Everyone knows the names of its database fields, except for certain people who have changed the names of tables and columns or added prefixes.
last question:
You gave an example of a bot above.
But I only have the sql injection method in mind to attack. Does the robot have another scenario to attack the database?
I apologize in advance for prolonging the question.
Thanks.