Password hashing

Passwords are extremely sensitive data, so let's protect them properly.

Before proceeding, there are still two password-related security issues.

First, the password is stored in the database as it is, without any transformation to obscure its original contents. This is very dangerous. It should be hashed before being stored. Hashing is the process of transforming a value into another in such a way that it should be impossible to recover the initial value from the final one.

Second, a password should never be returned in a response from the backend, even in hashed form. The response may be intercepted by an ill-intentioned agent who can then try to recover the password, for example by brute force, even though the hash makes that much harder.

Let's then begin to solve these issues.
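As an added example (not code from the original tutorial), here is what both fixes look like in Python, assuming PBKDF2-HMAC-SHA256 with a random per-user salt as the hashing scheme and an in-memory dict standing in for the database:

```python
import hashlib
import hmac
import os

# Constructed in-memory "database" standing in for the tutorial's real one.
USERS = {}

# Assumed parameters: PBKDF2-HMAC-SHA256, 16-byte random salt, 600k iterations.
ITERATIONS = 600_000
SALT_LEN = 16


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'salt$digest' (hex) so the salt is stored next to the hash."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def to_response(user: dict) -> dict:
    """Whitelist the fields allowed to leave the backend; the hash is never one of them."""
    return {"username": user["username"]}


def create_user(username: str, password: str) -> dict:
    """Fix 1: store only the hash. Fix 2: return a body without it."""
    USERS[username] = {"username": username, "password_hash": hash_password(password)}
    return to_response(USERS[username])


def login(username: str, password: str) -> bool:
    user = USERS.get(username)
    if user is None:
        # Burn a hash anyway so response time does not reveal whether the user exists.
        hash_password(password)
        return False
    return verify_password(password, user["password_hash"])
```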
