P
Phil C.
Hi. I'm working on an ecommerce application. There is a conventional
registration page
where the person is identified by his entering an email address and
password.
I was planning to have all customer information encrypted, and the password
salted and hashed with SH-1. However, when a registered person attempts to
login, I would have to decrypt each email address in the stored table and
compare it with the person logging in to see if there is a match, before
checking the passwords. Is this the conventional way to do things, or is
there a speedier way?
registration page
where the person is identified by his entering an email address and
password.
I was planning to have all customer information encrypted, and the password
salted and hashed with SH-1. However, when a registered person attempts to
login, I would have to decrypt each email address in the stored table and
compare it with the person logging in to see if there is a match, before
checking the passwords. Is this the conventional way to do things, or is
there a speedier way?