Hacker News new | comments | ask | show | jobs | submit login

is there a better solution that encrypting data and putting the password in the source? obviously this is for cases where you can't use a hash.

it seems to me that, at least, it would make sense to have the db and web server physically separate in that case (although i guess someone stealing hardware is not normally a common scenario).

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact