Identity and Data Security for Web Development by Tim Messerschmidt, Jonathan LeBlanc

Chapter 2. Password Encryption, Hashing, and Salting

In the first chapter you learned about the underlying concepts of password security, and the current state of the industry and standards that are employed. Let’s start putting some of that into practice as we explore the practical application of password encryption and security. To start this implementer’s approach, let’s first look at the ways that data can be transmitted and stored.

Data at Rest Versus Data in Motion

As we start to explore data security, there are two important concepts that we should address: data in motion and data at rest.

When we talk about data at rest, we mean the inactive (or resting) digital data that is being stored on your servers, such as the databases that you are using to store passwords, profile information, or any other details needed within your application.

When we discuss the concept of data in motion, we’re talking about any data that is in transit: data being sent back and forth between an application and a database, or communication back and forth between websites and APIs or external data sources.

Data at Rest

If you’re talking about credit card environments, where you’ve got a requirement to encrypt the credit card information at rest, I think the most common method people use there is enabling encryption within the database. That’s typically about as good as it gets in terms of host-based encryption.1

Chris Gatford, Hacklabs

Web and application developers ...
