$Auth_prefix

Involved Joined: Jul 03, 2006 Posts: 273

Something that has always bugged me and one day I wanted to introduce to my sites I thought I would bring up for discussion here:

I have always wondered why nuke uses a $prefix and $user_prefix and not an $Auth_prefix?

I mean it would seem a hell of alot better a security process to have a different prefix on the Authors table than the rest of the site. A lot harder to run detrimental SQL injection attacks I would think and the Auth table prob is more important to secure than the darn users table?

Has anyone else considered converting the system to use an Auth's table prefix? Of course I know this will raise compatibility issues but hell it would be worth it in the long run and the longer something like this takes to become standard the more external modules and blocks etc there will be that aren't compatible why not start implementing something like this today?

Thoughts anyone?

Posted: Thu Apr 16, 2009 8:05 pm

Sounds like a wasted idea to me, mainly that the $prefix should always been unique and never easy to guess. Sadly phpNuke defaults it to "nuke" and plenty of installers use the same defaults.

Posted: Thu Apr 16, 2009 11:53 pm

Like evaders says there is nothing stopping you from having the $prefix set to whatever you want for security.

I believe the main reason for having a separate prefix for the users table is to enable the users to be shared across more than one site.

Posted: Fri Apr 17, 2009 7:13 am

I mean ultimately different prefixes shouldn't be necessary for any set of tables but nonetheless it is an extra level of security when it is different and as such that extra level would be more important on the AUTH table than any other table in the DB. But again it was just a thought I had open for input.

Posted: Fri Apr 17, 2009 7:25 am

The problem that I have is that if someone can find out what the $prefix is set at, then having $auth_prefix isn't going to help because it is already "game over".