When is the risk of publishing a database structure?

Question

When is the risk of publishing a database structure?

I am planning a site that needs user trust. To help build trust, I thought to publish the source code, the database schema, and even allow users to upload raw data (so that they can run their own data requests to make sure the site gives the correct answers).

Under what circumstances is there a security risk? I think that most of the data can be downloaded from the web site anyway.

For confidential information such as IP addresses and passwords, I plan to store hashed (with salt). Age information is not relevant, maybe I'll just keep "adult yes / no." Anything I'm missing?

+3

security database website

Aaron digulla Mar 2 '11 at 9:44

source share

1 answer

Mike · Accepted Answer · 2011-03-02T10:38:41+0000

Injection is not a problem if you use your data access correctly. You are not worried about maintaining your ownership model, so there are no problems. You have a green light to expose the model.

Confidentiality is not a problem if you tell the user that the data is publicly available. People open private information and photos on Facebook, so why not your system? Green light.

Random salt hashed data is, in theory, safe to download. A SHA512 with a random hash will probably never be broken. But who knows? Once MD5 was the "right way" for the hash, and now you detect a collision in less than 1 hour.

- , , . IP-, IP- - . , - . . , . + , .

When is the risk of publishing a database structure?

More articles: