During registration, I save things like username, password(secured), user data from the registration form. What other data is common to save. Is storing the ip address from which the user verified necessary? and how about the ip from which they registered? Is there a security reason to store this data, and is the effort worth collecting and storing all this data?
During registration, what server-side data should be saved in the database
297 Views Asked by twitter At
2
There are 2 best solutions below
0
Steve Nay
On
A lot of that information (especially IP address) is available in your server logs, so it may not be worth the extra effort to keep track of it with the user registration. If you were to start getting spam from a certain IP address, you could easily figure that out and block them using server logs, but there may be advantages to keeping tying that to specific user accounts.
I also like Rook's point about the "last IP address you used was X".
Related Questions in PHP
- php Variable name must change in for loop
- register_shutdown_function is not getting called
- Query returning zero rows despite entries existing
- Retrieving *number* pages by page id
- Automatically closing tags in form input?
- How to resize images with PHP PARSE SDK
- how to send email from localhost using codeigniter?
- Mariadb max Error while sending QUERY packet PID
- Multiusers login redirect different page in php
- Imaginary folder when I use "DirectoryIterator" in PHP?
- CodeIgniter + XDebug: debug only working in the main controller, index() function
- PHP script timeout when I use sleep()
- posting javascript populated form to another php page
- AJAX PHP - Reload div after submit
- PHP : How can I check Array in array?
Related Questions in DATABASE
- When dealing with databases, does adding a different table when we can use a simple hash a good thing?
- How to not load all database records in my TListbox in Firemonkey Delphi XE8
- microsoft odbc driver manager data source name not found and no default driver specified
- Cloud Connection with Java Window application
- Automatic background scan if user edit column?
- Jmeter JDBC Connection Configuration Parametrization of Database URL for accessing SQL Database
- How to grant privileges to current user
- MySQL: Insert a new row at a specific primary key, or alternately, bump all subsequent rows down?
- Inserting and returning autoidentity in SQLite3
- Architecture: Multiple Mongo databases+connections vs multiple collections with Express
- SQL - Adding a flag based on results within a query - best practice?
- Android database query not returning any results
- Developing a search and tag heavy website
- Oracle stored procedure wrapping compile error with inline comments
- Problems communicating with mysql in php
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in REGISTRATION
- setKeepAliveTimeout is deprecated in iOS9
- data not inserted into 1 sql so couldn't login, registration worked but table not updated
- How to register an installation remotely?
- Check if the user is activate or not
- Insert into mysql database through php
- Windows 8.1 phone is not being registered
- Devise prevent auto sign-in after registration
- Email is already in database, returns as if it isn't
- Checking for 'isUniqueUsername' in cakephp doesn't seem to work?
- PHP - MySQL - Sign Up Trouble [blank data]
- creating a registration profile in python django
- EF Code-first MVC: Should I add fields to the default AspNetUsers table or create another 'UserInfo' table that relates to the AspNetUsers table?
- Launch Screen for first time user experience doesn't look right (iOS)
- Extension or any method to override the registration module in magento 1.9
- Redirect after register in Laravel
Related Questions in USER-REGISTRATION
- How to register an installation remotely?
- Drupal 7 user registration custom
- What is the form parameter name to pass for a custom field of a group in Kademi?
- Wordpress - Import custom CSV file in Database and validate upon registration
- Laravel 5.1: Register user and send data to two tables at the same time: Users and Users_details
- How to make graph in Laravel 5.2
- Parse like user management in google app engine for android
- Track non registered users
- Joomla 3.2 user registration
- Edit joomla registration admin email
- Get page ID in user_register hook Wordpress
- Escape Email Address - Best Practices
- PHP MD5 Create User Form
- how can i ensure only one user account per UK resident is created on my website?
- CMS which allow different account types with registration via sms
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The IP address could change during a session for legitimate reasons. Other information provided by the HTTP header, such as the User-Agent is trivial to spoof so there is no added security in checking or storing these fields.
That being said I do like ssh and gmail's feature of "The last ip address you use was X".