Menu
I have a form where people register and their info (including username and password) is saved in the database. Some of my friends told me to save the hash of the password not the password itself to protect against any hack trial if the hacker got access to the database. Is that effective? If the hacker got access to the database, he cam simply generate the hash of a new password and save it in the database, right?
And, using the hash makes it not easy to recover the password! How can I give the users the ability to recover passwords?