我们应该在数据库表的命名规则中使用前缀吗?[英] Should we use prefixes in our database table naming conventions?

本文是小编为大家收集整理的关于我们应该在数据库表的命名规则中使用前缀吗?的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。

问题描述

我们正在决定在工作中开发团队的表,列,程序等的命名约定.奇异的表命名已经确定,我们正在使用单数.我们正在讨论是否要为每个表名称使用前缀.我想阅读有关是否使用前缀的建议,以及为什么.

它根本提供任何安全性(至少有一个可能的入侵者障碍)?我认为,如果我们在代码中使用表格的名称,则通常更舒适地将它们命名为前缀,因此不要将它们与变量,属性等混淆.但是我想阅读更多经验丰富的开发人员的意见./p>

推荐答案

我更喜欢使用应用程序或解决方案的简称前缀表和其他数据库对象.

这在两个潜在的情况下有助于:

  1. 如果您选择使用任何需要表格中表格的第三方框架组件(例如ASP Net成员资格提供者).

  2. ,您不太可能获得命名冲突.
  3. 如果您正在为客户开发解决方案,则它们可能仅限于一个数据库(尤其是如果他们为外部托管付费),要求他们在单个数据库中存储多个应用程序的数据库对象.

其他推荐答案

我发现匈牙利DB对象的前缀表示它们的类型相当烦人.

我在每个桌子名称都必须从" TBL"开始的地方工作.在每种情况下,命名惯例最终都会在某人需要做出较小的更改时最终造成很大的痛苦.

例如,如果您的约定是从" tbl"开始的,并且视图以" v"开头,则当您决定替换后端上其他一些东西并提供视图时,该怎么办为了兼容,甚至是首选界面?我们最终有了以" TBL"开头的视图.

其他推荐答案

我看不出任何命名约定如何提高安全性...

如果入侵者可以访问数据库(带有有害权限),他们肯定会拥有列出表名称的权限,然后选择以查看它们的用途.

,但我认为真正令人困惑的桌子名称可能会间接恶化安全性. 这将使进一步的发展变得更加努力,从而减少机会安全问题将被解决,甚至可能隐藏潜在的问题:

如果一个名称(例如)" SRO235ONSG43OIJ5"的表充满了随机命名的带有随机字符串和数字的coloumn,则新开发人员可能只是认为它是随机的测试数据(除非他触摸与之相互作用的代码),但是如果它被命名为" UserPasswords"或类似的任何看过表格的开发人员,也许震惊了密码以明文存储.

本文地址:https://www.itbaoku.cn/post/597734.html

问题描述

We are deciding the naming convention for tables, columns, procedures, etc. at our development team at work. The singular-plural table naming has already been decided, we are using singular. We are discussing whether to use a prefix for each table name or not. I would like to read suggestions about using a prefix or not, and why.

Does it provide any security at all (at least one more obstacle for a possible intruder)? I think it's generally more comfortable to name them with a prefix, in case we are using a table's name in the code, so to not confuse them with variables, attributes, etc. But I would like to read opinions from more experienced developers.

推荐答案

I prefer prefixing tables and other database objects with a short name of the application or solution.

This helps in two potential situations which spring to mind:

  1. You are less likely to get naming conflicts if you opt to use any third-party framework components which require tables in your application database (e.g. asp net membership provider).

  2. If you are developing solutions for customers, they may be limited to a single database (especially if they are paying for external hosting), requiring them to store the database objects for multiple applications in a single database.

其他推荐答案

I find hungarian DB object prefixes to indicate their types rather annoying.

I've worked in places where every table name had to start with "tbl". In every case, the naming convention ended up eventually causing much pain when someone needed to make an otherwise minor change.

For example, if your convention is that tables start with "tbl" and views start with "v", thn what's the right thing to do when you decide to replace a table with some other things on the backend and provide a view for compatibility or even as the preferred interface? We ended up having views that started with "tbl".

其他推荐答案

I don't see how any naming convention can improve security...

If an intruder have access to the database (with harmful permissions), they will certainly have permissions to list table names and select to see what they're used for.

But I think that truly confusing table names might indirectly worsen security. It would make further development hard, thus reducing the chance security issues will be fixed, or it could even hide potential issues:

If a table named (for instance) 'sro235onsg43oij5' is full of randomly named coloumns with random strings and numbers, a new developer might just think it's random test data (unless he touches the code that interact with it), but if it was named 'userpasswords' or similar any developer who looks at the table would perhaps be shocked that the passwords is stored in plaintext.