
Devise for Rails: Does Separating User Data into Two Models Improve Security?

I am building a Rails app using Devise. I have been told that it is advisable to split User data into two Models for security reasons... 1 Model being the default User table created by Devise, and the other a Profile table to store private data (addresses etc).

As explained in this article, it's a good idea to do this for Separation of Concern reasons.

My question is, does doing this also increase security of the user accounts, or not?

My guess is that it would not, because if someone has hacked into your database then it would not matter how many Models you have data scattered across, the hacker would have access to all of it anyway. But happy to be corrected if I am wrong :)

First off, welcome to Stack Overflow!

Your point about having access to the database is valid. If that happens, you're right; it won't matter how the data is structured.

The point that the article you referenced makes is also valid. If the User model is specifically in place to interact with devise, it might be best not to use it to store profile information for maintainability reasons, if nothing else.

If devise is the only library that controls migrations to the User table, you're much less likely to run into migration or column name conflicts down the road.

That said, I'd agree with the separation of concerns approach.
