I'm working on a security system for a web application - admin section. If an admin wants to make some important changes in the application, he will need to answer a security question.
My question is: should the answer to this question be hashed in the database?
Also, I'm thinking of giving the administrators the possibility to change their question/answer, but an admin could do this only if he confirms his identity using a password. Is this a good approach?
Yes, but be sure to normalize it before hashing - lowercase it, consider removing all characters that aren't alphanumeric, etc. If I enter "ceejayoz" as my question, it should probably accept " CEEJAYOZ " as well.
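The normalize-then-hash approach from the answer above, as an added example that is not part of the original post. The function names, the salted PBKDF2-HMAC-SHA256 scheme, the iteration count and the `salt$hash` storage format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed work factor for this example; tune it for your own hardware.
PBKDF2_ITERATIONS = 600_000


def normalize_answer(answer: str) -> str:
    """Fold case and drop every character that is not a letter or digit."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def _derive(normalized: str, salt: bytes) -> bytes:
    """Slow, salted derivation so a leaked table is costly to brute-force."""
    return hashlib.pbkdf2_hmac(
        "sha256", normalized.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def hash_answer(answer: str) -> str:
    """Return 'salt_hex$hash_hex', the value to store in the database."""
    normalized = normalize_answer(answer)
    if not normalized:
        # An answer made only of spaces or punctuation would match anything similar.
        raise ValueError("answer is empty after normalization")
    salt = os.urandom(16)  # fresh random salt per stored answer
    return f"{salt.hex()}${_derive(normalized, salt).hex()}"


def verify_answer(candidate: str, stored: str) -> bool:
    """Normalize the candidate the same way, then compare in constant time."""
    salt_hex, hash_hex = stored.split("$")
    derived = _derive(normalize_answer(candidate), bytes.fromhex(salt_hex))
    return hmac.compare_digest(derived, bytes.fromhex(hash_hex))
```

Normalization shrinks the space of possible answers, which is one more reason to use a slow, salted derivation here instead of a single fast hash.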