As a security precaution, it is important not to store any
sort of sensitive information in clear text in your database. This includes
information such as an email address, a social security number, answers to
secret questions, or anything else the user would consider sensitive. The rule of thumb
is that secrets you only ever need to check (passwords, secret-question answers) should be
stored as salted, slow hashes, while data you need to read back (an email address, a social
security number) must be encrypted, with the key kept outside the database.
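As an added example (not code from the original post), here is how the "check-only" case from the paragraph above, secret-question answers, can be stored without keeping the clear text. The answer is normalized (case, whitespace, Unicode form) so that "Fluffy the Cat" and "fluffy the cat" match, hashed with a per-record random salt using scrypt from the Python standard library, and compared in constant time on verification. The function names, the `$`-separated storage format and the scrypt parameters are assumptions for illustration; reversible data such as an email address needs authenticated encryption instead, which this block does not cover.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

# Assumed parameters: 2^14 work factor uses 128*N*r*p = 16 MiB of memory,
# comfortably under hashlib.scrypt's default 32 MiB limit.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16   # bytes of random salt per stored answer
KEY_LEN = 32    # bytes of derived hash


def normalize_answer(answer: str) -> str:
    """Fold case, Unicode form and whitespace so trivial variants still match."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def hash_secret_answer(answer: str, salt: Optional[bytes] = None) -> str:
    """Return the string to store in the database instead of the clear-text answer.

    Format (assumed for this example): scrypt$N$r$p$salt_hex$digest_hex
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(
        normalize_answer(answer).encode("utf-8"),
        salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_secret_answer(answer: str, stored: str) -> bool:
    """Check a user-supplied answer against the stored record; never raises."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        n, r, p = int(n), int(r), int(p)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        # Malformed or truncated record: treat as a failed check, not a crash.
        return False
    digest = hashlib.scrypt(
        normalize_answer(answer).encode("utf-8"),
        salt=salt, n=n, r=r, p=p, dklen=len(expected),
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Constructed sample: what the users table would hold for one account.
    users = {"alice": {"secret_answer": hash_secret_answer("Fluffy the Cat")}}
    print(users["alice"]["secret_answer"])          # no clear text on disk
    print(verify_secret_answer("  fluffy THE cat ", users["alice"]["secret_answer"]))
    print(verify_secret_answer("Rex", users["alice"]["secret_answer"]))
```

Because the salt is random per record, two users with the same answer get different stored values, so a leaked table cannot be grouped by answer or attacked with a single precomputed table.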
Most people are surprised by how little information an
attacker needs. Users reuse the same account names, email addresses, passwords,
and secret-question answers across their accounts, so an attacker who obtains
one set from your database can probably get into all of the others.
I’ve seen an unfortunate amount of sensitive information
stored in clear text in applications I have worked on. When I ask why it is
done this way, no one has an answer. The response is always “it is just always
the way it has been.” I don’t find this to be an acceptable answer, because you
know it needs to be done when you do your initial design.
My next few posts will talk about encryption, hashing, and
security in general.