In a website that requires users to log on where are their password hashes stored? I'm thinking they could be stored in a text file or database. Also I plan on using Blowfish to produce the hash that will be saved. Is this a good idea?
They are stored in a database, this way they are far more accessible and easy to work with.