6
votes

As a matter of best practice in MVC, where should the logic go that deals with things such as password hashing/salting or data formatting before it gets sent to the database? I've read that the repository should only be used for logic that deals with data access. Is this something that belongs in a service layer? The controller? Does it even matter?

2

2 Answers

7
votes

I'd be inclined to put the hashing in the repository layer, if only for the practical reason that you know if there's more than one service class that needs to store passwords, you'll have some assurance they don't do the hashing differently. Basically, follow the DRY principle.

2
votes

I think it depends on how you look at it. I'd be inclined to think of password hashing as something as necessary and therefore akin to, for example, escaping input before it goes to the database. In that case it would belong in the repository