Best practice for register login forms
Posted on 2011-02-14
Experts, I have a question for you. I want to make my register form stronger in regards to security for my customer. Right now, the way I have it, a user or spam bot can register, the information gets stored in the db, but if it was a fake register, the information stays in there filling it up. I've got an email going to the user for them to verify who they are, but the information is already in the db. I'd like to try something else. I was thinking about having the information hidden that gets sent to their email and not adding this information until they confirm, but I feel that is a security issue. I'd like to know best practices for this to make it right.