I have a theory about the design of a new site I am working on. If a user accounts table is in one database, and the site content tables in another database, then it would be impossible for a hacker to use SQL injections in a form unrelated to the user database to get data from a table he should not have access to.

Is my thinking correct or incorrect?

In theory, this seems like it might work, but in practice, probably not, because once a cracker gets into your database, it is likely that they will have more than enough information to get into another one (i.e. once they have usernames and passwords, they can then enter your site and do another injection). Your best bet is to always sanitize input.

On a side note, this is a really cool idea about the best way to store information on a website.

- Joe
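
The two points raised in this thread, as an added example that is not part of either post: it shows that a separate accounts database does block a direct read of `users` through the content connection, yet a concatenated query still leaks the content database's own unpublished row, while a bound parameter treats both inputs as plain search text. Python's `sqlite3` stands in for the site's database, and the table names, sample rows and the two test inputs are constructed for illustration.

```python
import sqlite3

# Constructed test inputs for a search form (illustrative only).
CROSS_DB_INPUT = "' UNION SELECT pw_hash FROM users --"
SAME_DB_INPUT = "' OR 1=1 --"

def make_dbs():
    """Build the proposed layout: content and accounts in separate databases."""
    content = sqlite3.connect(":memory:")
    content.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    content.executemany("INSERT INTO articles VALUES (?, ?)",
                        [("Welcome", 1), ("Draft: pricing", 0)])
    accounts = sqlite3.connect(":memory:")
    accounts.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    accounts.execute("INSERT INTO users VALUES ('alice', 'constructed-hash')")
    return content, accounts

def search_concat(content, term):
    # Vulnerable form: the input becomes part of the SQL text.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in content.execute(sql)]

def search_param(content, term):
    # Hardened form: the input is bound as a value and never parsed as SQL.
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in content.execute(sql, ("%" + term + "%",))]

def probe(search, content, term):
    """Run a search and report a database error as text instead of raising."""
    try:
        return sorted(search(content, term))
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

if __name__ == "__main__":
    content, _accounts = make_dbs()
    for name, fn in (("concat", search_concat), ("param", search_param)):
        for term in ("Wel", CROSS_DB_INPUT, SAME_DB_INPUT):
            print(name, repr(term), "->", probe(fn, content, term))
```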
