Let me start off by stating that I know the benefits of a database, but that is not the question. I want to know if the security makes sense with an added benefit of speed.
Using PHP 7.0:
Test 1: I have a database set up with a table called user, with an id field and a password, for example. I use the PDO extension to query the database by id. The request took 0.0005719 microseconds to complete.
Test 2: I read a local file that contains only a hashed password.
The request takes 0.00005912 microseconds to complete.
Please note: in both cases the passwords are hashed using PHP's password hash function. As this is a security forum, I want to state that as well. Also, for concurrency, the file is assumed safe to be read only by one person at one time, at login only.
Either way, as it would be used to log in only, not to get details, would it be secure? (The files are NOT stored in the web root.) So somebody would need a server login, or the PHP acting as a middleman, to read the file. The database is MySQL and requires a server login plus a MySQL login.
Question: do the speed benefits of using a file instead of a database give good grounds for using a file, or should it be kept in the database? Does this pose any security risk in a production environment?
Update - 23-02-2017
Let me state a few things.
1. A "full" user is not stored in the file, only an already hashed password. There is no need for indexers, because when a user logs in, an MD5 hash of the username would be directed straight to a file on the local system. (The username cannot be changed.) This would allow for quick logging in, without a database query.
2. The test was conducted with the data already stored; only the time for getting the data was tested.
3. It is microseconds, as per PHP's microtime. The operation was iterated 100 times, then a difference was taken and averaged.
4. This is strictly hypothetical.
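
The lookup described in the update, as an added example that is not part of the original post: it maps the username to a file by MD5, rejects credential files that other accounts can access, and times the file read separately from `password_verify()` so the two costs can be compared. The function names, the temporary directory, and the sample account are hypothetical, and the permission check assumes a POSIX filesystem.

```php
<?php
declare(strict_types=1);

function credentialPath(string $dir, string $username): string {
    // md5() only maps the username to a filename (32 hex chars), so user input
    // never reaches the path. It is not what protects the password.
    return $dir . DIRECTORY_SEPARATOR . md5($username);
}

function storeCredential(string $dir, string $username, string $password) {
    $path = credentialPath($dir, $username);
    file_put_contents($path, password_hash($password, PASSWORD_DEFAULT), LOCK_EX);
    chmod($path, 0600); // only the account PHP runs as may read or write it
}

function verifyLogin(string $dir, string $username, string $password): bool {
    $path = credentialPath($dir, $username);
    if (!is_file($path)) {
        return false; // unknown user
    }
    if ((fileperms($path) & 0077) !== 0) {
        return false; // group/other have access: treat the store as unsafe
    }
    return password_verify($password, trim((string) file_get_contents($path)));
}

function avgSeconds(callable $fn, int $runs): float {
    $start = microtime(true); // float seconds
    for ($i = 0; $i < $runs; $i++) {
        $fn();
    }
    return (microtime(true) - $start) / $runs;
}

// Constructed demo data in a throwaway directory (stands in for a path outside the web root).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cred_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
storeCredential($dir, 'alice', 'correct horse battery');
foreach ([['alice', 'correct horse battery'], ['alice', 'wrong'], ['mallory', 'x']] as $c) {
    printf("%s / %s => %s\n", $c[0], $c[1], var_export(verifyLogin($dir, $c[0], $c[1]), true));
}

$path = credentialPath($dir, 'alice');
$hash = (string) file_get_contents($path);
$read = avgSeconds(function () use ($path) { file_get_contents($path); }, 100);
$verify = avgSeconds(function () use ($hash) { password_verify('correct horse battery', $hash); }, 10);
printf("avg file read: %.8f s, avg password_verify: %.8f s\n", $read, $verify);

unlink($path);
rmdir($dir);
```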