Results 1 to 7 of 7
  1. #1
    Join Date
    Sep 2003
    Posts
    6

    Why are usernames usually unchangeable?

    I am currently designing a user and account management for a product and I started pondering why in many systems the username is unchangeable? (after the account is created)

    I think this has to do with the database design and I can think of only one reason - using the username as a primary key.
    I'd say using the username as primary key is bad design altogether so I don't see any reason not to make the username changeable.

    But still in most places it is not - what am I missing?

  2. #2
    Join Date
    Sep 2002
    Location
    UK
    Posts
    5,171

    Re: Why are usernames usually unchangeable?

    I don't know. In Oracle there actually is a numeric surrogate key USER# used in the data dictionary tables, but still there is no facility to rename a user AFAIK.

    I guess one consideration is that the username is what generally gets used in audit columns like created_by and modified_by, without any foreign key constraint, and so if the username was updated all this audit information would become meaningless.

  3. #3
    Join Date
    Dec 2003
    Location
    Canada
    Posts
    710
    I don't know the security/audit context, but I have seen applications where the created_by and updated_by columns were populated with a surrogate foreign key instead of the natural user name.

    This is a good question.

  4. #4
    Join Date
    Sep 2003
    Posts
    6

    Thumbs up Re: Why are usernames usually unchangeable?

    Originally posted by andrewst
    I guess one consideration is that the username is what generally gets used in audit columns like created_by and modified_by, without any foreign key constraint, and so if the username was updated all this audit information would become meaningless.
    That is a good reason.
    I suppose that in the database you can use a foreign key but if you want to log user actions in a file it makes most sense to use the username - it is not too long and it is meaningful.

  5. #5
    Join Date
    Dec 2003
    Location
    Canada
    Posts
    710
    You also don't have to maintain a mass of foreign key relationships from every table all pointing to the user table.

  6. #6
    Join Date
    Sep 2003
    Posts
    6

    About phpBB and Javalobby

    I was checking the phpBB database schema - this is a php forum application.
    The username there is also unchangeable.

    In the 'posts' table phpBB has columns for the user foreign key and the username. At first I thought this to be use of denormalization to optimize for speed. At second look - next to every message phpBB shows additinal info from the 'users' table - so they join 'posts' and 'users' anyway.
    In the 'topics' table there is only the foreign key. Next to every topic they publish only the username from the 'users' table. I guess here you can denormalize the username to increase performance, but the fact that it is not means that in reality joining the tables doesn't hit performance that much.

    It leaves me with the impression that having the username unchangeable is some sort of a prejudice.

    In another forum application - Javalobby there is no username at all. For login it uses the email and in the posts it displays the full name. The email is changeable. One way to see it is that changing the username is also avioded

  7. #7
    Join Date
    Apr 2004
    Posts
    1
    I wondered about that too. It looks like the username in the posts table can be other things than the username in the users table. Specifically for use by folks who aren't registered if the board does not require registration. It mearly checks that what is entered is not a name that already appears in the users table if the person is unregistered.

    What floored me was that in looking at the schema in MS SQL Server 2000, that there are no relationships defined between the tables. I would want relationships set up and enforced to keep the data clean. Especially since otherwise some mods might break things because they don't carefully check all the logic that the official php scripts do. Enforcing the logic in relationships seems a much better way to go. (More logic could be enforced with triggers and stored procedures, but I realize they can't do this since most people use MySQL. If only folks would use Postgres or Firebird instead...)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •