Quote:
Originally Posted by haku
2) my script creates a random 20 character alphanumeric code. I hash this, and put it in the database. Then I append the unhashed version as a get variable to confirm.php, so it looks like this: confirm.php?number=askld23432kl324kl32jklj234 or something. I email this link to the account that the person registered under.
Why?
What benefit does it serve you keeping a hashed version in the database, when you're sending them an unhashed version via unencrypted email? You're trying to hide the random code from yourself!?
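
The flow described in the quoted post, written out as an added example (not code from either poster). The in-memory array standing in for the database table, the function names and the example.test addresses are assumptions.

```php
<?php
// Added example. $db is a constructed stand-in for the accounts table,
// keyed by the hash of the code, as a "WHERE code_hash = ?" lookup would be.

// Build a 20-character alphanumeric code from a CSPRNG (random_int, PHP 7+).
function make_code(int $length = 20): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($alphabet) - 1;
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, $max)];
    }
    return $code;
}

// Registration: keep only the hash, return the link that carries the plain code.
function register(array &$db, string $email): string {
    $code = make_code();
    $db[hash('sha256', $code)] = ['email' => $email, 'confirmed' => false];
    return 'https://example.test/confirm.php?number=' . $code;
}

// confirm.php: hash the submitted value and look the hash up.
// Returns the confirmed address, or null if the code is unknown or already used.
function confirm(array &$db, string $submitted): ?string {
    $key = hash('sha256', $submitted);
    if (!isset($db[$key]) || $db[$key]['confirmed']) {
        return null;
    }
    $db[$key]['confirmed'] = true; // each code works once
    return $db[$key]['email'];
}

$db = [];
$link = register($db, 'user@example.test');            // this link goes in the email
parse_str(parse_url($link, PHP_URL_QUERY), $query);    // what confirm.php sees in $_GET

var_dump(confirm($db, 'wrongcodewrongcode12'));        // a code that was never issued
var_dump(confirm($db, $query['number']));              // the code from the emailed link
var_dump(confirm($db, $query['number']));              // the same link used a second time
var_dump(array_keys($db));                             // what the table holds: the hash only
```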