Hi guys,
I'm currently building a multi-step registration form. The first page contains all the account data, so: username, password, email etc. Next I'm passing all the values through the session to the next steps, and in step 4 everything is inserted into the DB.
Now my question: is that safe? Or, should I ask: how unsafe is it?
What would be the safest way to pass the password to the next steps: to hash and salt it in step 1 and pass it through the session, or to pass the unencrypted password and hash & salt it just before the MySQL query?
Or maybe insert each step directly into the DB instead of saving the variables into the session, but I wouldn't really like to do that, because when a user changes his mind and doesn't finish the registration process he will still leave his details in the DB.
Any suggestions would be highly appreciated!
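As an added illustration of the first option asked about above (not code from the poster), here is a small simulation of the flow in Python: step 1 hashes and salts the password immediately and stores only the hash in the session, step 4 writes the session data to the DB and discards it, and a check confirms the plaintext never sat in the session. The `session` dict, the sqlite table and the step functions are constructed stand-ins for the real framework's session store and MySQL table.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed stand-in for the framework's server-side session store.
session = {}
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns 'salt_hex$hash_hex' for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)

def step1_account(username, email, password):
    """Step 1: hash at once, so the plaintext never enters the session."""
    session["account"] = {"username": username, "email": email,
                          "password_hash": hash_password(password)}

def step4_commit(conn):
    """Step 4: move the collected data into the users table, then drop it."""
    acct = session.pop("account")
    conn.execute("INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)",
                 (acct["username"], acct["email"], acct["password_hash"]))
    conn.commit()

def session_holds_plaintext(password):
    """True if the raw password appears anywhere in the session (it must not)."""
    return any(password in str(v) for v in session.values())

def login(conn, username, password):
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(password, row[0])

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, password_hash TEXT)")
    step1_account("alice", "alice@example.com", "correct horse")   # constructed sample
    leaked = session_holds_plaintext("correct horse")
    step4_commit(conn)
    return leaked, login(conn, "alice", "correct horse"), login(conn, "alice", "wrong"), "account" in session
```

An abandoned registration then leaves only a salted hash in the expiring session and nothing in the DB.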