I’m designing a blog-like website system from the ground up, based off of PHP and MySQL. It works based on this structure:
- Everything has a unique ID, known as an entity ID or ENID.
- A master table contains all ENIDs, so there are no duplicates.
- There are four types of entities: posts, revisions, modules, and users
- This is all so that id.php can be asked for any resource on the site and know what to do with it.
- Posts are categorized to a module. For example, documents, messages, events, etc. all belong to a separate module.
- Posts reference a specific row in a revisions table to be displayed to the user.
I’m wondering, would it be best to split the four entities and the master table up across separate databases, or would it be best to keep them all in one? Security is a TOP priority.
I don’t see how splitting those things to separate databases could increase security by itself. It will only complicate your application code without any necessity.
Store them in the same database and focus your security efforts on other areas: firewalls, sql sanitizing, etc.
Keeping authentication information in the same database is absolutely acceptable. Most people do it this way. Just make sure you don’t store passwords in plain text (you should store a salted hash instead).