Question

A developer was tasked to building a login / authentication system for a website. He creates a table,
USER that has the user-name, and password stored in a database table. He then creates a web-page
that prompts the user to enter in his user-id and password. On the server side, the developer takes the
two pieces of information (user-id and password) and invokes the following query:
Select * from USER where user =’$username’ and password=’$password’
You are tasked on performing a peer review on this development. What two pieces of feedback would
you give him, and how would you recommend addressing them?

Answer 1

The task is to develop a login/authentication for a website
data table used is USER
the usernames and passwords are stored in the table
here after the details are stored in the database
if the user enter the information in the login page
It's better to fetch the details based on the username and then check for the password
it can be done using the query SELECT * FROM USER WHERE username = "$username"
so if the query is executed the details of the particular user will be fetched from the database like
{username:"username", password:"password"}
now the password has to be checked from this fetched dictionary so that there will be an idea whether the details really exist in database or not
consider the first case:(both are fetched)
while checking the details suppose the password is incorrect then it cannot be identified like whether the "password is incorrect and the username is exist" or "the details with that username doesn't exist in the database"

consider the second case:(only username is fetched)
while checking first if the user name doesn't exist in the database a message can be displayed like "user doesn't exist" but if the password is incorrect then a message can be displayed like "password is incorrect". It cannot be done in the first case

If you have any doubts please comment and please don't dislike.