i'm new in JSP and developing a website and user requires email and password authentication, now my question comes into my mind, Would it be safe to save password directly into database, when i was in php i generally used to save it using hashing, Now i'm in java and it's not for hackers to hack passwords :p , what's suggestion in that case? thaks for regarding in advanced!
Asked
Active
Viewed 108 times
0
user3631223
- 95
- 1
- 2
- 5
-
1There is nothing special about java: you should not store plain text passwords in a database. – assylias May 24 '14 at 12:54
2 Answers
1
no matter what code you are using: Java, Jsp, php, ... it is NEVER a good idea to store an un-altered, unhashed password in a DB for a serious application, if you actually need something more than just the suggestion of security.
Stultuske
- 9,296
- 1
- 25
- 37
1
It never safe to store password directly in DB irrespective of technology. It should always be stored after hashing. Reason is you want to minimize the security risk so that a guy who has access to db like operations team can not make out anything.
Infact for highly secured system(like Banking), item to be secured is hashed with salt where salt changes over a period of time so that even developer who know the hashing logic can't attack the system.
Ultimately, it depend how secured system you are aspiring for.
M Sach
- 33,416
- 76
- 221
- 314