Patterns in writing Login Page

[Sridhar panatula]

Hello All,
I would like to learn the well accepted patterns in developing the Login
page.
Could you please let me know what your experience are in this area.

The ones I have seen.

1) Usernames and Passwords are brought into in-memory-cache at application
startup and being maintained in the middle tier by the
login/adduser/updateuser methods as appropriate

Pros: A quick response and less burden on the persistance store(Database
or whatever)
Cons:. If the user list is a large then its not so brilliant way of doing it


2) A stored procedure or a SQL statment used to retrieve the Password for a
user and then compared with the one entered by user.

Pros: simplicity and scalability and could be well used in server farms
with load balancing
Cons: May be little more frequently hitting the database(but I still see
it as justifiable)
A bit slower than the previous approach. As the operation is a
small one it should be very good

Looks like I am biased on the second approach. I would love to hear your
opinions.

Thanks
Sridhar

 

[Marina]

I haven't really heard of anyone trying to use the first approach, due to of
course the whole scalability issue. Issuing a SQL statement isn't that time
consuming that you are going to see any difference in response time from the
user's perspective.