Home/ Questions/Q 1047013
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T16:14:14+00:00

I am building a project, which has a pretty basic login system. There will

  • 0

I am building a project, which has a pretty basic login system. There will NO REGISTRATION system available, the users will be added manually. Also i protected the databases data input gates very well. So after all, do i still need to hash and even salt the users passwords?

And if your answer is yes, the next question is why?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you generate the password for each user and do not let the user change the password, then you can make a case for not hashing them.

    However:

    • You will have to explain to everyone that audits the system why you are not hashing the passwords.
    • You will have to have some way of proving that a system admin did not look at a user’s password then logon as the user.
    • A lot of programmers will think you don’t know what you are doing.
    • What if the system is changed at some point, or the code gets copied into another system.

    I think of this like crossing a road.

    You always look both ways even if the
    green man says it is OK to cross.

    (It is quicker to look both ways, then explain to any watching children etc why you don’t need to in this case)

    • 0