Never store passwords or move them across the wire in plaintext. In OrigoDB this means:

- Don’t put passwords in the model
- Don’t put passwords in any commands
- Don’t pass passwords to command methods when using proxy

Passwords in the model will be included in snapshots, while commands, both explicit and implicit in the case of proxying, will be written to the journal.

The common way to ‘remember’ passwords is by computing and storing a hash, preferably using some salt. The following example class will help you achieve this while encapsulating all the details. To learn more, check out Hash and salt passwords in C# on Stack Overflow. Feel free to copy and use the code.
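
A minimal sketch of a salted password hash class, added here as an example; it is not the page's original HashedPassword code. It assumes PBKDF2 via `Rfc2898DeriveBytes` with an illustrative iteration count, and the member names (`Verify`, `Derive`) are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Added example: holds only the salt and derived key, never the plaintext.
[Serializable] // assumption: the model is persisted with .NET serialization
public sealed class HashedPassword
{
    private const int SaltSize = 16;              // bytes
    private const int KeySize = 32;               // bytes
    private const int DefaultIterations = 100000; // illustrative; tune for your hardware

    private readonly byte[] _salt;
    private readonly byte[] _key;
    private readonly int _iterations; // stored per instance so the default can be raised later

    public HashedPassword(string plaintext)
    {
        if (string.IsNullOrEmpty(plaintext))
            throw new ArgumentException("Password required", nameof(plaintext));
        _iterations = DefaultIterations;
        _salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(_salt); // fresh random salt for every password
        _key = Derive(plaintext, _salt, _iterations);
    }

    public bool Verify(string candidate)
    {
        if (candidate == null) return false;
        byte[] actual = Derive(candidate, _salt, _iterations);
        // Compare every byte so timing does not reveal the first mismatch.
        int diff = actual.Length ^ _key.Length;
        for (int i = 0; i < actual.Length && i < _key.Length; i++)
            diff |= actual[i] ^ _key[i];
        return diff == 0;
    }

    private static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations,
                                                HashAlgorithmName.SHA256))
            return kdf.GetBytes(KeySize);
    }
}
```

Construct the object in the application layer and pass it, rather than the string, into commands, so that the journal and snapshots contain only the salt and derived key.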
Using the HashedPassword class in an OrigoDB data model
Here’s some code showing how to use the HashedPassword class.
Calling from the service/application layer
Here’s an example ASP.NET MVC Controller method calling into Origo. The plain text password is transmitted using HTTP POST from the web page, so make sure you are using SSL. It only exists in memory for the duration of the request.