Rodauth stores the password hash in a separate
account_password_hashes table. This makes it a lot less likely that the password hashes will be leaked, especially if you use Rodauth’s default approach of using database functions for checking the hashes.
However, if you have reasons for storing the password hashes in
accounts table that outweigh the security benefits of Rodauth’s default approach,
Rodauth supports that.
To do this, add the password hash column to the
alter_table :accounts do add_column :password_hash, String end
And then tell
Rodauth to use it:
plugin :rodauth do enable :login, :logout # Use the password_hash column in the accounts table account_password_hash_column :password_hash end