My app has a users table. It also has an administrator interface on
There are going to be many (i hope) users for the site, and only 1 or 2
admins. This is all pretty common I assume. so…
What is the best practice for admin access for web applications?
have a ‘users’ table and a separate ‘admins’ table. normal app
controllers use ‘users’ table/model and admin controllers use ‘admins’
have only a ‘users’ table and have a boolean column ‘admin’ in there
(which in my case will have only 1 entry set to true in all the data
I know that both are possible solutions but they both sound pretty scary
to me WRT security… am I just too worried? or are there better
commonly used methods?