summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Database.md5
1 files changed, 4 insertions, 1 deletions
diff --git a/Database.md b/Database.md
index afd0968..544a487 100644
--- a/Database.md
+++ b/Database.md
@@ -32,4 +32,7 @@ In this table are all created user objects stored and will be removed if the adm
* Column `password`: Contains the `bcrypt` hashed password of the user
* Column `fullname`: Contains the full name of the user
* Column `mailaddr`: Contains the contact email address of the user
-* Column `body`: Contains the body of the user in the markdown format \ No newline at end of file
+* Column `body`: Contains the body of the user in the markdown format
+
+## Why database table prefixes are not supported
+The blogging application does not support the definition of a prefix for the database tables. This is because one database should only contain the data from one application (and if this is the case, prefixes are unnecessary). If multiple applications are sharing the same database and a security vulnerability is discovered in one of those applications, an attacker may be able to access the data from the second application through the security vulnerability in the first application. \ No newline at end of file