default PasswordEncoder
- userDetailManager deal with password default
- it's just storing plain text so It's too danger in authentication
Encoding VS Encryption VS Hashing
- encoding and encryption is dangerouse
- encoding can't block any users
- tester can find encryption and decryption, if he try a lot
- so it's recommand to use hashing
- it encrypt and decrypt by using hash function
- Bcrypt is one of hashing algorithm
- hasing text makes ramdom, if you try to insert data, and hashing text will insert into db
- if you try to login, hashing function compare your text to hashing text and then return result.
hashing PasswordEncoder
PasswordEncoder interface
- don't use StandardPasswordEncoder
- recommand BCryptPasswordEncoder
- if hacker get all id list, then try a lot he can decrypt hash function.
* so you ask for user to make password longer then 6 charactor.
신입 웹개발자입니다.