Which is better: storing username and password in two databases or one?
I'm curious to see what everyone thinks.
The idea is to store the one-way encrypted username in one database secured by one connection, then the corresponding one-way encrypted password in another database with a different . They could be separate servers, but I don't think it would be necessary. The result would be that if an attacker gained access to one database without the other, the information would be useless. Then the application that uses the information would only check for matching hashed user credentials and that an indexing column matched.
I realize there might be some performance issues, but my thought is that they would be minimal. To me this would be the most secure the user information could be.
I'd store passwords in a separate, restricted database. To add to your reasons, a list of users, groups and some other settings could be public while passwords, even though encrypted, should be well protected. For example, UNIX-like systems usually store user-specific information (such as user ID, group ID, shell, etc.) in a publicly available place. However, MD5 hashes of passwords are hidden from everyone. Before, they used to be available, but that is a great security risk these days because decoding MD5 is now possible by using brute force.
From my limited knowledge... I would guess anything after hashing both the username and password would be overkill and that you are pretty good from there.
Interesting concept, although every system I have worked with has handled both in a single schema, same table even. Really it is possible, but not necessary like you mentioned.
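The split-storage scheme from the question, sketched as an added example (not code from any poster in this thread). It assumes two in-memory SQLite databases standing in for the two stores, and it uses a keyed HMAC for the username lookup and salted PBKDF2 for the password in place of the plain one-way hashes the question mentions; `LOOKUP_KEY`, `register`, `verify` and the table layout are hypothetical names.

```python
import hashlib, hmac, secrets, sqlite3

# Constructed demo: two in-memory SQLite databases stand in for the two
# separately secured stores. LOOKUP_KEY is an assumed application-held secret.
LOOKUP_KEY = secrets.token_bytes(32)
ITERATIONS = 600_000
DUMMY_SALT = secrets.token_bytes(16)

ident_db = sqlite3.connect(":memory:")   # store 1: keyed username digests
secret_db = sqlite3.connect(":memory:")  # store 2: salted password hashes
ident_db.execute("CREATE TABLE ident (idx TEXT PRIMARY KEY, user_key BLOB UNIQUE)")
secret_db.execute("CREATE TABLE secret (idx TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")

def user_key(username: str) -> bytes:
    # Deterministic keyed digest so the row can be found without storing the name.
    return hmac.new(LOOKUP_KEY, username.lower().encode(), hashlib.sha256).digest()

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username: str, password: str) -> None:
    idx = secrets.token_hex(16)  # random index: reveals nothing about row order
    salt = secrets.token_bytes(16)
    ident_db.execute("INSERT INTO ident VALUES (?, ?)", (idx, user_key(username)))
    secret_db.execute("INSERT INTO secret VALUES (?, ?, ?)",
                      (idx, salt, pw_hash(password, salt)))

def verify(username: str, password: str) -> bool:
    row = ident_db.execute("SELECT idx FROM ident WHERE user_key = ?",
                           (user_key(username),)).fetchone()
    rec = None
    if row:
        rec = secret_db.execute("SELECT salt, pw_hash FROM secret WHERE idx = ?",
                                row).fetchone()
    if rec is None:
        # Unknown user or orphaned index: still do the hash work, then fail.
        pw_hash(password, DUMMY_SALT)
        return False
    salt, stored = rec
    return hmac.compare_digest(pw_hash(password, salt), stored)

def secret_store_dump() -> list:
    # What someone holding only store 2 sees: index, salt, hash; no usernames.
    return secret_db.execute("SELECT * FROM secret").fetchall()

register("alice", "correct horse battery staple")
```

With a per-user salt, two accounts that share a password still get different rows in the second store, so that store alone does not show which accounts share a password.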