I am currently working with a junior developer on finishing my company website. We have a space for log-in information but neither of us are quite sure on the easiest most efficient way to store the data we receive from the website. I would like to know what my options are for storing customer information.
Well you should store it in a database, most probably an SQL based database. MySQL is a fine start, free and easy to set up.
But, you had best start thinking about security issues, especially if you are planning on storing credit card and other personal information. Hackers go right through the standard fare and many companies do nothing to encrypt their data at all, which in some countries is a criminal offense.
Best hire a professional to look at your system setup and see what can be done.
Answered 8 years ago
You mentioned that you have space to store the data, so I'm assuming that means you're storing it in the usual way (a database). If so the userid is easy: just allocate enough characters to store the longest user ID will allow.
The password is trickier. The easy way to store it is to simply store it the same way as the user ID. However, if someone manages to break into your database (which isn't as difficult as it sounds), they'll be able to steal all the passwords of every user. So this isn't recommended.
You could encrypt the password, and that is better than no protection at all. But even that is not secure, because often once a hacker compromises your systems, they get access to your decryption key and again you expose every password to the hacker, and it's a public relations nightmare.
So the proper way to do it is to use something called a one-way hash. Essentially this is one way encryption... it can be encrypted but never decrypted. This way there is no decryption key that can be stolen and security is the best. If you Google this concept you can find more information on it and find something applicable to your programming language and platform. Good luck.
Answered 8 years ago