I’m using PHP and mySQL in a site I design from scratch.
When a user logs in to the site, should I :
- make the query
WHERE username='username' AND password='password', in which case I need to index the username and password fields, and can return a “Bad login” if one of the details is incorrect
or
- Make the query
WHERE username='username'only, in which case I need to index just the username field, but need to check that the passwords match in the server side code
?
UPDATE:
This question is about good practice. It is about whether the pros of adding an index on the password field so I can get a response from the DB only if both of the details are correct, outweighs the cons of the space and size this index will take.
I don’t think the specific of my system (other than the programming language, and DB type) are relevant, and will help.
I’d do the latter (the username is “the thing you’re searching for”, even if you do an explicit password verification at some stage), but it’s impossible to come up with a tailored answer for you, without in-depth familiarity with your particular codebase.
Edit
You mention indexing; indexing both the username and password fields only makes sense when
usernameis not unique.. and it should be. So it’s a bit of a moot point.