I think most people just go with SQL, but don't really consider other factors...
For instance, member authentication data (user/pass) could very well be better served using LDAP or similar. If you used a specially constructed text file, stored in assumingly a safe place (outside doc root) you could likely write a highly efficient and secure authentication extension.
This has the following benefits and disadvantages:
1) Security is tighter. Whenever you use SQL and also third party products which also require a database, assuming your all under the same DB, you open your application up to attack by virtue of SQL injection...
2) Efficiency is greater. Yes, MySQL and SQLite even more so are blistering fast, but I gaurantee you I could write a simple authentication extension which out performed them.
The problem with this approach, is that MySQL is pretty much standard across the board as a means for storage on almost every server on the planet, custom extensions are obviously limited and worthless in this regard.
Why consider the above in the first place???
Well, I'm am forever coming across libaries which offer some sort of agnostic data store, in that, by using a abstraction layer, you can switch your Session management from file based to SQL to LDAP, etc...
I've considered this immensely in the past as there are advantages to using a different medium outside of somehting fixed like SQL...security being one, like mentioned above...
Sure using a seperate database might assist in solving this issue for untrusted third party scripts, but still, what about shared hosts, etc where you are limited ot a single database?
Another advantage I have always found in offering different storage mediums, such as LDAP, etc...is that some mediums are better suited for certain data.
I won't get into this again, but structured data, such as authentication info and roles (which are by nature most of the time, organzied) would be IMHO better stored in a medium or technology which supports natural oragnization, such as that what LDAP or XML may provide...
Secondly, I personally find comfort in keeping certain data stored in different mediums as almost a means of further abstracting the design of an application...
Hard to explain what I mean, but basically, storing files as files and data as data in a RDBMS helps seperate your application design overall, much like MVC does for application code.
Keeping authentication info in a medium other than RDBMS, helps almost seperate that important section of code from the other sections which are maybe more record based.
Divide and conquer (sp) is something I have always tried to do with any project, constantly so for me it makes sense to always look forbetter suited mediums for certain kinds of data...
However now I am begining to consider (as my ORM class gets more and more complete) that perhaps, RDBMS is the way to go
Talk about a biased opinion eh?
Clearly, there are advantages to having all data stored in a RDBMS, especially if I can get my ORM classes to work as expected...making working with most SQL data a breeze...
The idea of centralized data storage also appeals to me, despite the benefit of divide and conquer and that feeling of additional abstraction...
So I'm officially confused as to which argument to support...
What I'd like to start is, not an argument, nor a debate, but disscussion on which you agree with and why, not belittling either side, because I will counter attack both and sound like a hypocrite...
Give me your positives and negatives for both and maybe after hearing some other opinions, I can finally ultimately conclude which direction to go in...
Cheers