Hi,
Not 100% sure if this is a database question or PHP, as it kind of crosses both borders. Basically my thinking is that if I want a user table, the obvious start is by creating a table called users or members. So instantly, if someone is going to try and hack a site, they will try one of the above.
Then in those tables I have probably got fields called username, password, email. So anyone trying to hack my site is going to try and find those fields.
My question is: is there any benefit to renaming my table to something else, e.g. kl_users, with fields like az_username, bf_password, pw_email, on the basis that they cannot be guessed? Or would it not make any difference?
I’m using prepared statements, so not too concerned about SQL injection, but if I can do something simple to make it harder for someone to exploit I will, as mistakes can and do happen.
I don’t think this matters much; if someone breaks into your server and gets access to your database then this won’t help at all. It’s as if you made all your PHP variable and function names different than what you would want them to be just to prevent being hacked - you are just making life hard for yourself and for any other devs working on your code.
This is a form of security through obscurity. In some cases this might make sense, like using a code obfuscator to make it almost incomprehensible to a human. When I create administration panels for clients I never set their address to /admin or admin.php, etc. - I make it a little bit unique and not obvious so that web robots don’t find it by probing. But it’s important to know this is never a final security measure, it’s just a small step to make the system less discoverable.
Anyway, I would never use weird table and column names in my database for security reasons. A database should have a clear structure understandable for humans, and it should be protected by proper installation of all server components and proper network infrastructure.
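
The point made in the thread, as an added example that is not code from either post: a session that can run queries reads the renamed table and column names straight from the database's own catalog, while a prepared statement keeps hostile input from being parsed as SQL whatever the names are. It assumes an in-memory SQLite database standing in for the poster's database; the function names and the sample row are constructed for illustration.

```python
import sqlite3


def build_db():
    """Constructed in-memory database using the renamed table/columns from the question."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE kl_users ("
        "az_username TEXT PRIMARY KEY, bf_password TEXT, pw_email TEXT)"
    )
    # Constructed sample row; the password field holds a placeholder, not a real hash.
    db.execute(
        "INSERT INTO kl_users VALUES (?, ?, ?)",
        ("alice", "<password hash>", "alice@example.test"),
    )
    return db


def visible_schema(db):
    """Table and column names as the database catalog reports them to a connected session."""
    tables = db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'"
    ).fetchall()
    schema = {}
    for (table,) in tables:
        cols = db.execute(
            "SELECT name FROM pragma_table_info(?)", (table,)
        ).fetchall()
        schema[table] = [name for (name,) in cols]
    return schema


def find_user(db, username):
    """Prepared statement: the input is bound as a value and never parsed as SQL."""
    cur = db.execute(
        "SELECT az_username, pw_email FROM kl_users WHERE az_username = ?",
        (username,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = build_db()
    print(visible_schema(db))                   # the "unguessable" names, listed by the catalog
    print(find_user(db, "alice"))               # normal lookup
    print(find_user(db, "alice' OR '1'='1"))    # hostile input matches no row
```

The protection in this example comes from the bound parameter in `find_user`; the catalog lookup in `visible_schema` works the same way however the table and columns are named.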