For those of you actively running a SaaS, can I pick your brains?
I’m currently working on the user sign up/sign in/recover password functionality for Feature Upvote. I’m in danger of over-engineering it. I log every signin failure and success in the application log. I’m recording in the database User table the date/time of the last successful signin and last failed signin, and last modified date.
- Should I be recording all sign ins (or recent sign ins) in the database?
- Should I be recording IP address and user agent of each sign in?
My product is not dealing with financial data or anything else that is critical. I want to do things well, but I also don’t want to go overboard.
My MySQL user table currently looks like this:
CREATE TABLE user
user_id INT(11) PRIMARY KEY NOT NULL AUTO_INCREMENT,
email VARCHAR(200) NOT NULL,
salted_hash VARCHAR(100) NOT NULL,
date_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
date_modified TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
CREATE UNIQUE INDEX user_email_uindex ON user (email);
Any tips from someone who has been down this path already? Anything you really wished you had baked into the user system from the beginning?