[Author's note: This article was originally written as a recipe for the book Spring in Practice, which my brother John and I are writing for Manning Publications, but we just didn't have enough room to include it. It's still (we think, anyway) a great recipe, so we're making it available here free of charge. This will give readers of this website a chance to see the sort of recipe we're including in our book.
This material is based upon another article on this website called Storing Passwords Securely. The difference is that Storing Passwords Securely is not Spring-specific, whereas the present article is. — Willie]
When you're building an application involving user passwords, one of the challenges is to protect the passwords from prying eyes. We generally want to protect user registration data in transit from the browser to the server, so that eavesdroppers on the network can't get at it. But protecting the data in transit isn't enough; it's just as important to store it securely.
It may not be immediately clear why you need to store the passwords securely. If, for instance, you have a corporate firewall that prevents the bad guys on the outside from getting to your password store, then why bother?
There are a few different answers to that. First, one basic security principle is to take a layered approach. There are no security silver bullets, and so overreliance on any particular process or technology (such as firewalls) creates unnecessary risk. Storing passwords securely gives you protection if a bad guy somehow gets in. (And it happens.)
A second answer is that the question makes the faulty assumption that the bad guys are only on the outside. In an organization of any size, you can't be sure that you don't have bad guys on the inside, and the last thing you want them to do is use stored user passwords to log into your websites, or even other websites. The latter is a real concern, since many users tend to use the same (or similar) passwords on multiple sites.
A third answer is that even if your organization is small (maybe it's just you), you'd like to be able to tell your users in your privacy policy that their passwords are stored securely, and that no one—not even the technical folks who administer the site—has any ability to see the stored passwords. That gives your users greater confidence that their information is safe and that you're taking security seriously.
So let's get to it!