Section
1.2.1
Top Level
Sub Level
General
User passwords should be stored in hashed form. Validation should then compare the hashed value of the supplied password to the stored hash value. Consider incorporating "salt" to avoid collisions and possible repository-based pre-computed hash attacks. If plain text versions of passwords must be used, they should be cleared from memory as soon as possible.
Coldfusion
Use the Hash() or Encrypt() and Decrypt() functions. There are a number of algorithms available to use. The default option of CFMX_COMPAT is the least secure of the options. The encrypted data can also be encoded for additional security.
Django
If using Django's contrib.auth User model for storing passwords, SHA256 hashing with a salt is how passwords are stored by default. See django.contrib.auth.models.User.set_password().