Password handling
Keeping your data private and secure is vital. Some of the data you will store in your system is especially sensitive, and passwords are among the most important to protect. Storing passwords in plain text is considered a bad practice, and you should avoid it. The most widespread practice for password handling is to hash a password before storing it.
Hashing is a mechanism that generates one string from another through a non-reversible operation. That means you can always regenerate the same hashed string from the original string, but you can’t recover the original string from the hashed string. This is very useful for passwords because, this way, you don’t need to store the passwords of your users. You can simply store the hash, and if the hash gets leaked, it will not be easy to get the original password and use it anywhere else.
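The store-and-check flow described above, as an added Python example that is not from the original page. It goes beyond the text by using PBKDF2-HMAC-SHA256 with a per-user random salt from the standard library; the iteration count, the in-memory `users` table and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

# Constructed in-memory "user table": username -> (salt, hash). No plaintext.
users = {}

# Salt used only to burn the same CPU time when the username is unknown.
_DUMMY_SALT = secrets.token_bytes(16)


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way derivation: same password + same salt always gives the same bytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    """Store only the salt and the hash; the password itself is discarded."""
    salt = secrets.token_bytes(16)
    users[username] = (salt, hash_password(password, salt))


def verify(username: str, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    record = users.get(username)
    if record is None:
        hash_password(candidate, _DUMMY_SALT)  # keep timing similar for unknown users
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(candidate, salt))


if __name__ == "__main__":
    register("alice", "correct horse battery staple")  # constructed sample data
    print(verify("alice", "correct horse battery staple"))
    print(verify("alice", "Correct horse battery staple"))
    print(users["alice"][1].hex())  # what a leaked table would expose
```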
It sounds good, right? But there is a catch. The same string...