DEV Community

Discussion on: How to securely store passwords?

Collapse
 
sumtingwon profile image
sumting-won

How about the connection pool when there are mil of concurrent login sessions? 1-to-1 mapping doesn't sound right to me from the idea unless like the author mentioned, you're building a cooperate app that exclusively serves indoor.
and let me rephrase: you are stating from your last comment is just leave the thing you are not mastering to the "expert"? Common, that's not how a developer should think. The starting point is wrong. Like, what could go wrong if a your db got a vulnerable issue right? or porting to another db where you had delegated part of your app to the "expert"?

Collapse
 
jhelberg profile image
Joost Helberg

'The starting point is wrong' is right indeed. Never consider storing a password in the first place. The connection-resource issue in my proposal is an issue though, it can partly be solved by grouping identical authorization schemes into groups and make that happen automatically by a pooler.
And about leaving things to the expers? The public repository are littered with attempts to do something less than well understood.
An extra bonus, by the way, is that my solution allows third parties to access the data with identical authentication and, more important, authorization schemes. No application framework lock in!