During registration, I save things like username, password(secured), user data from the registration form. What other data is common to save. Is storing the ip address from which the user verified necessary? and how about the ip from which they registered? Is there a security reason to store this data, and is the effort worth collecting and storing all this data?
During registration, what server-side data should be saved in the database
278 Views Asked by twitter At
2
There are 2 best solutions below
0
On
A lot of that information (especially IP address) is available in your server logs, so it may not be worth the extra effort to keep track of it with the user registration. If you were to start getting spam from a certain IP address, you could easily figure that out and block them using server logs, but there may be advantages to keeping tying that to specific user accounts.
I also like Rook's point about the "last IP address you used was X".
The IP address could change during a session for legitimate reasons. Other information provided by the HTTP header, such as the User-Agent is trivial to spoof so there is no added security in checking or storing these fields.
That being said I do like ssh and gmail's feature of "The last ip address you use was X".