|
|
|
|
|
|
by johnnydoebk
3561 days ago
|
|
|
>> Just store the hash of the token (ideally stretched like any password) in the database and mail the original token out If I understand it correctly, that's exactly what they propose. You mail the original token out, store its hash. The second string is used as an ID (there should be a secondary index on it). |
|
|