Handle all authentication logic in database or code?
Posted
by
Snuffleupagus
on Programmers
See other posts from Programmers
or by Snuffleupagus
Published on 2012-06-12T19:40:31Z
Indexed on
2012/06/12
22:47 UTC
Read the original article
Hit count: 242
web-applications
|database-development
We're starting a new(ish) project at work that has been handed off to me. A lot of the database sided stuff has been fleshed out, including some stored procedures. One of the stored procedures, for example, handles creation of a new user. All of the data is validated in the stored procedure (for example, password must be at least 8 characters long, must contain numbers, etc) and other things, such as hashing the password, is done in the database as well.
Is it normal/right for everything to be handled in the stored procedure instead of the application itself?
It's nice that any application can use the stored procedure and have the same validation, but the application should have a standard framework/API function that solves the same problem. I also feel like it takes away the data from the application and is going to be harder to maintain/add new features to.
© Programmers or respective owner