SCE-SWE-2018-G3 / ticket-management-system

Software system for the management of technical support tickets, which will serve the users
https://www.sce.ac.il/
MIT License

Add salting to user passwords #61

Open soryy708 opened 5 years ago

soryy708 commented 5 years ago

We're using industry best practices for storing user passwords. We're storing a SHA-256 hash of the password, which is by design a one-way function. There's no sane way to get a user's password from its hash.

For extra security, though optional, we can add a salt to the password to make the resulting hash different even though the original passwords are similar. This adds an extra bit of security.

soryy708 commented 5 years ago

Most of the work should be limited to just user container and user.