Question

Usually on any website, after you register they send you an e-mail with an account activation code. Is there somewhere some information/best practices about this technique?
Like about how do you generate them, how do you store them, do you encode or not these activation codes?

Solution

Generating an activation code can be as simple as generating a random number with a fixed number of digits.

Personally I do this, then store the generated code in the users table of the database along with the username/password/email etc., so that it can be quickly verified when the link is clicked and your checking code runs.

I usually go with a 'long' data type and generate 9-digit random numbers, and store these raw (not encoded) in the database for easy retrieval. Passwords should be encoded, but an activation code is a single-use, throw-away value so no need for any special consideration.

OTHER TIPS

IMHO, the best way of doing it is not to store the key, and to generate it when you need it using a seed or a private key. Or use an MD5 digest kind of logic over specific user params: generate a string like "username-email-id", hash it and send it in the email; when the user clicks it, again try to generate the key and match it against the user key. No need for storage and not possible to regenerate.
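
The derive-on-demand approach described above, as an added example that is not part of the original answers: it uses HMAC-SHA256 with a server-side secret in place of a plain MD5 digest of user fields, because an unkeyed hash of username, email and id can be recomputed by anyone who knows those values. The names `SECRET_KEY`, `make_code`, `verify_code` and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a random secret loaded from server configuration, never sent to clients.
SECRET_KEY = b"constructed-demo-secret-change-me"
MAX_AGE_SECONDS = 24 * 3600  # assumed lifetime of an activation link


def _mac(user_id: int, email: str, issued_at: int, key: bytes) -> str:
    # Length-prefix the e-mail so field boundaries are unambiguous.
    msg = f"{user_id}|{issued_at}|{len(email)}|{email}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_code(user_id: int, email: str, now=None, key: bytes = SECRET_KEY) -> str:
    """Return '<issued_at>.<hex mac>'; nothing has to be stored server-side."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_mac(user_id, email, issued_at, key)}"


def verify_code(code: str, user_id: int, email: str, now=None,
                key: bytes = SECRET_KEY) -> bool:
    """Recompute the MAC for this user and compare in constant time."""
    now = int(time.time() if now is None else now)
    try:
        issued_str, mac = code.split(".", 1)
        issued_at = int(issued_str)
    except (ValueError, AttributeError):
        return False  # malformed code
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False  # expired, or timestamp in the future
    expected = _mac(user_id, email, issued_at, key)
    return hmac.compare_digest(mac.encode(), expected.encode())
```

Because nothing is stored, single use has to come from account state: reject the code once the account is already marked active.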

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow