Should we use prefixes in our database table naming conventions?

sql database naming-conventions

11,727

Solution 1

I prefer prefixing tables and other database objects with a short name of the application or solution.

This helps in two potential situations which spring to mind:

You are less likely to get naming conflicts if you opt to use any third-party framework components which require tables in your application database (e.g. asp net membership provider).
If you are developing solutions for customers, they may be limited to a single database (especially if they are paying for external hosting), requiring them to store the database objects for multiple applications in a single database.

Solution 2

I find hungarian DB object prefixes to indicate their types rather annoying.

I've worked in places where every table name had to start with "tbl". In every case, the naming convention ended up eventually causing much pain when someone needed to make an otherwise minor change.

For example, if your convention is that tables start with "tbl" and views start with "v", thn what's the right thing to do when you decide to replace a table with some other things on the backend and provide a view for compatibility or even as the preferred interface? We ended up having views that started with "tbl".

Solution 3

I don't see how any naming convention can improve security...

If an intruder have access to the database (with harmful permissions), they will certainly have permissions to list table names and select to see what they're used for.

But I think that truly confusing table names might indirectly worsen security. It would make further development hard, thus reducing the chance security issues will be fixed, or it could even hide potential issues:

If a table named (for instance) 'sro235onsg43oij5' is full of randomly named coloumns with random strings and numbers, a new developer might just think it's random test data (unless he touches the code that interact with it), but if it was named 'userpasswords' or similar any developer who looks at the table would perhaps be shocked that the passwords is stored in plaintext.

Solution 4

Why not name the tables according to the guidelines you have in place for coding? Consider the table name a "class" and the columns a "property" or "field". This assists when using an ORM that can automatically infer table/column naming from class/member naming.

For instance, Castle ActiveRecord, declared like below assumes the names are the same as the member they are on.

[ActiveRecord]
public class Person
{
    [PrimaryKey]
    public Int32 Id { get; set; }

    [Property]
    public String Name { get; set; }
}

Solution 5

If you use SqlServer the good start would be to look at the sample databases provided for some guidance.

View more solutions

11,727

Author by

Joe Meyer

Programmer. My personal website: http://fernandobriano.com

Updated on June 07, 2022

Comments

Joe Meyer almost 2 years

We are deciding the naming convention for tables, columns, procedures, etc. at our development team at work. The singular-plural table naming has already been decided, we are using singular. We are discussing whether to use a prefix for each table name or not. I would like to read suggestions about using a prefix or not, and why.

Does it provide any security at all (at least one more obstacle for a possible intruder)? I think it's generally more comfortable to name them with a prefix, in case we are using a table's name in the code, so to not confuse them with variables, attributes, etc. But I would like to read opinions from more experienced developers.
Chris over 15 years

I find the whole hungarian concept antiquated today anyway. I think it's just leftover from the days where it was harder to organize things and sometimes the name of an object was the only distinguishing mark.
Amit Naidu almost 13 years

Prefixing application names adds no value. 1. 3rd party components should not be going under the same schema/owner as your app tables to cause naming conflicts in the first place. 2. Limited to single database does not mean limited to a single schema.
Ian Nelson about 10 years

@AmitNaidu I agree. I have totally changed my mind in the five years since I posted this question. If I could, I would delete the answer.
tuespetre about 10 years

I think I can agree with you as long as the default schema is either not used or is not set. It's a lot harder to search for usages when it could be 'MyTable', '[dbo].MyTable', 'dbo.MyTable', 'MyDatabase..MyTable', 'MyDatabase..[MyTable]', etc.; this is increasingly more difficult when other objects in other schemas within the same database have the same name.
ma11hew28 about 8 years

@AmitNaidu but what if I want to name my table user, which is a reserved word in PostgreSQL? Using prefixes would solve this conflict.
niico almost 8 years

Both of these two situations are quote edge casey to most people (me included). It's less verbose & neater to not prefix.
niico almost 8 years

If the intruder can only conduct, say, a limited SQL Injection attack then its far from sure they will be able to list table names. Having said that - this would be a pretty weak additional security measure (and should never be used for security really).
iYazee6 over 3 years

The new link for ["assumes the names are the same"] [ github.com/castleproject-deprecated/ActiveRecord/blob/master‌/… ]
mukunda about 2 years

Indeed, the more unique terms the better. It makes support easier too when digging in your codebase.