what is the most/ a popular library companies use to store sensitive information like social security number, passwords, etc. into a database?
v
Vampire
10/01/2021, 6:49 PM
Never ever ever ever ever ever write any password to any database or other persistent storage. That is a very big security no-no.
Vampire
10/01/2021, 6:50 PM
Always only write password hashes to the storage, then there is no way the password could be extracted by any vulnerability or similar
b
Brian Donovan
10/01/2021, 6:51 PM
ty!
v
Vampire
10/01/2021, 6:53 PM
scrypt is currently pretty good as password "hash" afair
✅ 1
c
CLOVIS
10/01/2021, 7:05 PM
Also never store authentication tokens. Exact same reason
k
Klitos Kyriacou
10/04/2021, 8:44 AM
Hashes are generally one-way only, so if the application being written is a password manager, it would require the ability to transform in both directions.
v
Vampire
10/04/2021, 9:14 AM
Of course, but that is pretty unlikely with that question. 😄