store password
Posted: Wed Sep 03, 2008 12:46 pm
Hello!
What are "one-way password hashes"? Which "alternative implementation techniques" do you suggest for storing passwords?
Can you avoid storing the secret?
If you use an alternative implementation technique, it could remove the need to
store secrets. For example, if all you need to do is verify that a user knows a
password, you do not need to store passwords. Store one-way password hashes
instead.
Also, if you use Windows authentication, you avoid storing connection strings
with embedded credentials.
Could someone explain more about this: "If you handle secrets, let the platform handle them so that the burden is lifted from your application wherever possible"
Do You Store Secrets?
Secrets include application configuration data, such as account passwords and
encryption keys. If possible, identify alternate design approaches that remove any
reason to store secrets. If you handle secrets, let the platform handle them so that the
burden is lifted from your application wherever possible.