Write your own PasswordEncoder. NOT!
Hi,
Have you ever written your own password encoder? Not exactly, in my case, but I had to use a homemade one. A central User-Management-Service collected the customer data of all users, and the passwords were stored in it. So when registering a new user, the same encoder had to be used.
In practice, fortunately, it never blew up in our faces. But it was highly critical: the encoding was not strong. The salt was still based on MD5, which even at that time was no longer a strong hashing algorithm. The trivial solution to make it "safer": simply apply it twice. No one will ever think of that 🤦♂️
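To make the weakness concrete, here is an added example (not code from the original post or from that user-management service): a constructed model of the homemade scheme, assumed here to derive the salt from the username with MD5 and to apply MD5 twice, next to a hardened encoder built only from the Python standard library (PBKDF2-HMAC-SHA256, random per-user salt, work factor stored with the hash, constant-time verify; use bcrypt, scrypt or Argon2 where a library is available). The encode/verify/needs_rehash split mirrors the encode/matches/upgradeEncoding contract of Spring Security's PasswordEncoder, which the title presumably refers to.

```python
import hashlib
import hmac
import os
import time

# Constructed model of the "homemade" encoder the post describes (assumption:
# salt = MD5 of the username, MD5 applied twice). Deterministic, fast, broken hash.
def homemade_encode(username: str, password: str) -> str:
    salt = hashlib.md5(username.encode()).hexdigest()
    once = hashlib.md5((salt + password).encode()).hexdigest()
    return hashlib.md5((salt + once).encode()).hexdigest()  # "simply apply it twice"

# Hardened replacement from the standard library: random per-user salt, a slow
# password-based KDF (PBKDF2-HMAC-SHA256), parameters stored alongside the hash
# so the work factor can be raised later, and constant-time comparison on verify.
DEFAULT_ITERATIONS = 600_000

def encode(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:  # malformed or legacy record: never a match
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def needs_rehash(stored: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Flag records below the current work-factor policy (re-encode on next login)."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < min_iterations

def cost_ratio(iterations: int = DEFAULT_ITERATIONS, samples: int = 2000) -> float:
    """How many homemade encodes fit in the time of one PBKDF2 encode. Applying
    MD5 twice adds a factor of two; a real KDF adds a configurable work factor."""
    t0 = time.perf_counter()
    for i in range(samples):
        homemade_encode("alice", f"hunter{i}")  # constructed sample inputs
    per_homemade = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    encode("hunter2", iterations)
    return (time.perf_counter() - t0) / per_homemade
```

Legacy records (a bare MD5 hex string) fail `verify` and are flagged by `needs_rehash`, so a migration can re-encode each password with the new scheme the next time that user logs in successfully.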