From c8312fdacaa78a179061a671e7933fad42a4fd5b Mon Sep 17 00:00:00 2001 From: Thomas Lange Date: Sat, 29 Apr 2017 20:07:56 +0200 Subject: Not about prefixes added. --- Database.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Database.md b/Database.md index afd0968..544a487 100644 --- a/Database.md +++ b/Database.md @@ -32,4 +32,7 @@ In this table are all created user objects stored and will be removed if the adm * Column `password`: Contains the `bcrypt` hashed password of the user * Column `fullname`: Contains the full name of the user * Column `mailaddr`: Contains the contact email address of the user -* Column `body`: Contains the body of the user in the markdown format \ No newline at end of file +* Column `body`: Contains the body of the user in the markdown format + +## Why database table prefixes are not supported +The blogging application does not support the definition of a prefix for the database tables. This is because one database should only contain the data from one application (and if this is the case, prefixes are unnecessary). If multiple applications are sharing the same database and a security vulnerability is discovered in one of those applications, an attacker may be able to access the data from the second application through the security vulnerability in the first application. \ No newline at end of file -- cgit v1.2.3
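Review bot: The added paragraph under `## Why database table prefixes are not supported` bases its isolation argument on "one database should only contain the data from one application", but it never says that each application must also connect with its own database account, with privileges limited to its own database. Without that, two applications in separate databases behind one shared login are exposed to exactly the cross-application access the paragraph warns about. I suggest adding a sentence that states this requirement next to the rationale. The paragraph would also read more clearly if it said outright that a table prefix is only a naming convention and not an access boundary, since that is the reason prefixes do not help in the shared-database case. Minor: the new last line still carries `\ No newline at end of file`, so the patch repeats the missing trailing newline it just corrected for the `body` line; end the file with a newline. The subject line "Not about prefixes added." looks like a typo for "Note".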