NB-1: This is the first post in a series
[https://www.coffeeonthekeyboard.com/best-basic-security-practices-especially-with-django-697/] of
posts on web application security.
NB-2: Fred [http://fredericiana.com/] wrote a great post on password storage
[https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/].
You should read it.
I’m assuming we’re