I am a novice in web development. I use Java and am trying to develop a simple pilot application with registration functionality. I do not want to store a user's password in the database explicitly, for security.
I was told that it is necessary to store the password hash. But what does this mean? What is a hash? I know that in Java, every object has a unique hash code. Is this what I need? Do I need to call the method hashCode() of the password? Maybe I just need to apply an encryption method? Or first get the hash code for my password and then encrypt it?
I think there are a lot of options and approaches for safely storing passwords. But what exactly is meant by the hash in this case?
It means that you don't store the user's password in plain text as the user entered it on registration; instead, you hash the password with an irreversible hash algorithm such as MD5 and save this value to the database.
Here is an answer that explains how to: How can I generate an MD5 hash?
When checking the password, hash the password the user entered in the login form using the same algorithm, then compare it with the one saved in the database.