开发者

During registration, what server-side data should be saved in the database

During r开发者_开发百科egistration, I save things like username, password(secured), user data from the registration form. What other data is common to save. Is storing the ip address from which the user verified necessary? and how about the ip from which they registered? Is there a security reason to store this data, and is the effort worth collecting and storing all this data?


The IP address could change during a session for legitimate reasons. Other information provided by the HTTP header, such as the User-Agent is trivial to spoof so there is no added security in checking or storing these fields.

That being said I do like ssh and gmail's feature of "The last ip address you use was X".


A lot of that information (especially IP address) is available in your server logs, so it may not be worth the extra effort to keep track of it with the user registration. If you were to start getting spam from a certain IP address, you could easily figure that out and block them using server logs, but there may be advantages to keeping tying that to specific user accounts.

I also like Rook's point about the "last IP address you used was X".

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜