I'm not a security expert, but wouldn't it be advisable to only store the hashed password of a user? My understanding is that the LocalStrategy does not do any hashing for you, so the Cache is holding a plaintext copy of each user's password in memory.
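An added example (not code from this thread or from Passport) of what the comment above suggests: the cache keeps only a salted scrypt hash, and the check has the `(username, password, done)` shape of a passport-local verify callback. The names `userCache`, `register`, `hashPassword` and `verify` are hypothetical, and the credentials are constructed sample values.

```javascript
// Added illustration; userCache, register, hashPassword and verify are hypothetical names.
const crypto = require("node:crypto");

// username -> { salt, hash }. The plaintext password is never stored here.
const userCache = new Map();

// Fixed salt used only to spend comparable time on unknown usernames.
const DUMMY_SALT = crypto.randomBytes(16);

function hashPassword(password, salt) {
  // scrypt is the memory-hard KDF built into Node; derive a 64-byte key.
  // A server would normally use the async crypto.scrypt to avoid blocking.
  return crypto.scryptSync(password, salt, 64);
}

function register(username, password) {
  const salt = crypto.randomBytes(16); // unique per user
  userCache.set(username, { salt, hash: hashPassword(password, salt) });
}

// Same argument shape as a passport-local verify callback.
function verify(username, password, done) {
  const record = userCache.get(username);
  if (!record) {
    hashPassword(password, DUMMY_SALT); // keep timing similar for unknown users
    return done(null, false);
  }
  const candidate = hashPassword(password, record.salt);
  // Constant-time comparison of two equal-length buffers.
  const ok = crypto.timingSafeEqual(candidate, record.hash);
  return done(null, ok ? { username } : false);
}

// Constructed sample account.
register("alice", "constructed-pass");
verify("alice", "constructed-pass", (err, user) => {
  console.log("login result:", user);
});
```

With passport-local, a function of this shape would be passed as the strategy's verify callback; hashing stays the application's job.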