You should encrypt all sensitive information, like password, credit
card, social security number, etc. It should be encrypted while
traveling over the internet, e.g. by using SSL, but it should also be
stored in an encrypted way.
We hear all too often how "hackers have stolen a million personal
records from company xyz." You wouldn't want your company to get
into the news like that.
Cheers,
Marc
At 6:11 PM +0800 5/14/03, Terence Ng wrote:
>Thank you very much for your patience. May I have one
>more question?
>
>May I put the login and password of my customers in
>the same table containing my customers name and
>address?
It is a convenient thing to do, but it's not very safe unless you
somehow store this information encrypted, or at least, scrambled.
