User passwords are currently stored in plain text in the database. Anyone with access to the database would have the user passwords and thus user data, and even the ability to administer the database.
Acceptance Criteria/plan
Hash passwords (using bcrypt, for example) before storing them in the database.
Use a salt for each password to prevent rainbow table attacks.