Sitemaps

Questions

Web development

What is the easiest way to store log-in and customer information obtained from our company website?

I am currently working with a junior developer on finishing my company website. We have a space for log-in information but neither of us are quite sure on the easiest most efficient way to store the data we receive from the website. I would like to know what my options are for storing customer information.

Answer This Question

3

Answers

Stanislov Krapivnik

Russia and Russians and How to do business here.

Well you should store it in a database, most probably an SQL based database. MySQL is a fine start, free and easy to set up.

But, you had best start thinking about security issues, especially if you are planning on storing credit card and other personal information. Hackers go right through the standard fare and many companies do nothing to encrypt their data at all, which in some countries is a criminal offense.

Best hire a professional to look at your system setup and see what can be done.

Answered about 10 years ago

Ian Ippolito

Serial tech entrepreneur. Former CEO of vWorker.

You mentioned that you have space to store the data, so I'm assuming that means you're storing it in the usual way (a database). If so the userid is easy: just allocate enough characters to store the longest user ID will allow.

The password is trickier. The easy way to store it is to simply store it the same way as the user ID. However, if someone manages to break into your database (which isn't as difficult as it sounds), they'll be able to steal all the passwords of every user. So this isn't recommended.

You could encrypt the password, and that is better than no protection at all. But even that is not secure, because often once a hacker compromises your systems, they get access to your decryption key and again you expose every password to the hacker, and it's a public relations nightmare.

So the proper way to do it is to use something called a one-way hash. Essentially this is one way encryption... it can be encrypted but never decrypted. This way there is no decryption key that can be stolen and security is the best. If you Google this concept you can find more information on it and find something applicable to your programming language and platform. Good luck.

Answered about 10 years ago