I'd like to keep the real names, emails, and any other personally identifiable information out of my primary application database, and in another database/encrypted file. And I'm curious whether there's a best-practices solution for this or if I'm totally overlooking something.
Some thoughts I had were the following:
- User logs in with a username and password that are both hashed in the primary database
- This server then makes some sort of secure call to the member database with the user's id
- And in return the member database returns the name, email, address etc.
I'm wondering if this is the right approach, and if so, where the keys are stored and authenticated, etc.
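The split described in the question, as an added example (not from the original post): the primary store holds only a peppered username hash, a salted password hash and an opaque member id; the member store holds the PII and answers only requests signed with a service key that the app server holds. Everything here is constructed and in-memory (two sqlite databases, hypothetical `SERVICE_KEY` and `USERNAME_PEPPER`), and encryption of the member store at rest is not shown.

```python
import hashlib, hmac, os, sqlite3, time

# Constructed stand-ins for the two stores: credentials vs. PII, never joined directly.
primary = sqlite3.connect(":memory:")
members = sqlite3.connect(":memory:")
primary.execute("CREATE TABLE users (uname_hash TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, member_id TEXT)")
members.execute("CREATE TABLE pii (member_id TEXT PRIMARY KEY, name TEXT, email TEXT)")

# Hypothetical secrets held in server config, not in either database.
USERNAME_PEPPER = os.urandom(32)   # keyed hash so the primary DB holds no raw usernames
SERVICE_KEY = os.urandom(32)       # shared only by the app server and the member service

def hash_username(username: str) -> str:
    return hmac.new(USERNAME_PEPPER, username.strip().lower().encode(), "sha256").hexdigest()

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username: str, password: str, name: str, email: str) -> str:
    salt = os.urandom(16)
    member_id = os.urandom(16).hex()   # random token, derived from no PII
    primary.execute("INSERT INTO users VALUES (?,?,?,?)",
                    (hash_username(username), salt, hash_password(password, salt), member_id))
    members.execute("INSERT INTO pii VALUES (?,?,?)", (member_id, name, email))
    return member_id

def login(username: str, password: str):
    row = primary.execute("SELECT salt, pw_hash, member_id FROM users WHERE uname_hash=?",
                          (hash_username(username),)).fetchone()
    if row is None:
        return None
    salt, pw_hash, member_id = row
    return member_id if hmac.compare_digest(pw_hash, hash_password(password, salt)) else None

def sign_request(member_id: str, ts: int) -> str:
    return hmac.new(SERVICE_KEY, f"{member_id}|{ts}".encode(), "sha256").hexdigest()

def lookup_member(member_id: str, ts: int, sig: str, now=None, max_age: int = 30):
    """Member-service side: refuse stale or unsigned requests before touching PII."""
    now = time.time() if now is None else now
    if abs(now - ts) > max_age or not hmac.compare_digest(sig, sign_request(member_id, ts)):
        return None
    row = members.execute("SELECT name, email FROM pii WHERE member_id=?", (member_id,)).fetchone()
    return None if row is None else {"name": row[0], "email": row[1]}

def fetch_profile(username: str, password: str):
    """App-server side: authenticate against the primary DB, then call the member service."""
    member_id = login(username, password)
    if member_id is None:
        return None
    ts = int(time.time())
    return lookup_member(member_id, ts, sign_request(member_id, ts))
```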