Today I would like to ask for your help on authorization and authentication
So at the moment i have the following migration
defmodule PhxApi.Repo.Migrations.CreateUsers do use Ecto.Migration def change do create table(:users) do add :username, :string add :email, :string add :password_hash, :text add :role, :string add :confirmed, :boolean add :attempts, :integer add :locked, :boolean timestamps() end create unique_index(:users, [:email]) create unique_index(:users, [:username]) end end
The following migration is used to take into account the following scenarios:
- account confirmation
- user block by username and email
What would you add more to this migration and in general to take into account other security scenarios?
Also how you deal with users ip where would you store them?
Would you use ETS or mnesia for account confirmation?
Also other suggestions or you person experiences are welcomed
Thanks in advance