Y
Hacker News
new
|
ask
|
show
|
jobs
by
Misiek
5191 days ago
yes, I put the first salt in database and the second salt under www-root. Hacker who hack the database only will not know the fist salt.
1 comments
leftnode
5191 days ago
I think you have to assume worst case: if they have access to your database, they have access to your web root. It might not be the case, but you should assume that.
link