❔ Where to store hashed user passwords
I'm working on a really small project just to learn more about ASP.NET and DB stuff. I have a users system, and my DB user entity and user model look like this
Whenever I need to check the password in my endpoints, I'm just doing so by getting the user entity directly from the DB. However, this feels kinda wrong, since ideally I'd have some kind of service which returns users from the DB. So my question is, would it be better to have the HashedPassword in the model instead of the entity? The issue then becomes that I'd need a third DTO type which is the same as the model but without the password which I return from my endpoints, and that feels kinda annoying.
8 Replies
The hashed password needs to be in the entity one way or another, since the entity describes the database table
I'd say go ahead with another DTO
well the original password shouldn't be kept anyway...
Well it's hashed
and salted (I think)
ah ok
That's why it's HashedPassword
Need to keep it somewhere such that it's accessible to the rest of my services but not exposed to the API
But yeah I'll use a DTO, sounds decent enough
we have authentication data entirely on another db
(because of gdpr and stuff)
i think that's common practice (for decent size systems)
My system is minuscule