Storing a user and their password securely in a database
Storing a user entity in a database is no different from storing any other entity, and you can implement this in the same way as in Chapter 6, Databases and Asynchronous ORMs. The one thing you must be extremely cautious about is password storage. You must never store the password as plain text in your database. Why? If, unfortunately, a malicious person manages to get into your database (through a SQL injection, a leaked backup, or a stolen credential), they'll immediately have the passwords of all your users. Since many people reuse the same password across services, the security of their accounts on other applications and websites would be seriously compromised as well.
To avoid a disaster like this, we apply a cryptographic hash function to the password. The goal of such a function is to transform the password string into a fixed-size hash value in a way that is one-way: computing the hash from the password is easy, but recovering the password from the hash is designed to be practically impossible. Two caveats matter in practice. First, a fast general-purpose hash such as SHA-256 is not enough on its own, because an attacker who holds the hashes can test billions of guesses per second; password hashing uses deliberately slow functions (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count). Second, each password must be combined with a random salt before hashing, so that two users with the same password get different hashes and precomputed lookup tables are useless. Hence, even if your database is compromised, the passwords are still...
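The following is an added example, not code from the book, showing the salted, slow hashing described above using only the Python standard library (`hashlib.pbkdf2_hmac`) so it runs anywhere; a production FastAPI application would more commonly delegate this to a library such as `passlib` or `argon2-cffi`. The `users` dictionary, the `$`-separated storage format, and the iteration count are assumptions made for this example. It also includes a naive unsalted SHA-256 function purely to contrast it with the proper approach.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed parameters for this example (not from the book). 600,000 iterations of
# PBKDF2-HMAC-SHA256 is in line with current OWASP guidance; raise it as hardware improves.
ALGORITHM = "pbkdf2_sha256"
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def naive_sha256(password: str) -> str:
    """What NOT to do: unsalted, fast hash. Identical passwords give identical
    hashes, so a leaked table can be attacked with precomputed lookup tables."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return a self-describing string 'alg$iterations$salt_hex$digest_hex'.

    A fresh random salt is generated per call, so hashing the same password
    twice yields two different stored values. Storing the parameters alongside
    the digest lets you raise the iteration count later without breaking
    verification of older records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{ALGORITHM}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in
    constant time, so the comparison itself leaks nothing about the digest."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# Hash of an arbitrary value, used so that authenticating an unknown user costs
# the same time as a wrong password for a known user (no user enumeration by timing).
_DUMMY_HASH = hash_password(os.urandom(16).hex())


def create_user(users: dict[str, str], email: str, password: str) -> None:
    """Persist only the hash; the plaintext password never reaches storage."""
    users[email] = hash_password(password)


def authenticate(users: dict[str, str], email: str, password: str) -> bool:
    stored = users.get(email)
    if stored is None:
        verify_password(password, _DUMMY_HASH)  # burn the same time, then reject
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    db: dict[str, str] = {}  # constructed in-memory stand-in for the users table
    create_user(db, "alice@example.com", "correct horse battery staple")
    print(db["alice@example.com"])  # salt and digest, no plaintext
    print(authenticate(db, "alice@example.com", "correct horse battery staple"))  # True
    print(authenticate(db, "alice@example.com", "wrong"))  # False
```

Note how `hash_password` called twice on the same password returns two different strings because of the per-user salt, whereas `naive_sha256` always returns the same digest; that difference is exactly what defeats precomputed lookup tables.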