Salt is not stored in the database in yii2

Question

In yii2,the table structure for the user table does not include a salt column.

 $this->createTable('tbl_user', [
        'id' => Schema::TYPE_PK,
        'username' => Schema::TYPE_STRING . ' NOT NULL',
        'auth_key' => Schema::TYPE_STRING . '(32) NOT NULL',
        'password_hash' => Schema::TYPE_STRING . ' NOT NULL',
        'password_reset_token' => Schema::TYPE_STRING . '(32)',
        'email' => Schema::TYPE_STRING . ' NOT NULL',
        'role' => Schema::TYPE_SMALLINT . ' NOT NULL DEFAULT 10',

        'status' => Schema::TYPE_SMALLINT . ' NOT NULL DEFAULT 10',
        'create_time' => Schema::TYPE_INTEGER.' NOT NULL',
        'update_time' => Schema::TYPE_INTEGER.' NOT NULL',
    ], $tableOptions);

This really make me confused. Although Yii uses a salted hash, its not stored in the database by default. Should i rewrite the code to make it store in the database?What if i do not sore the salt in the database?

Answer 1

This salt, used in Yii2 Security helper doesn't require for storing in db, it is only used for creating password hash, but not need to compare password with hash. So it's pretty secure.