IggY

Password hashing : Using 2 salts

I'm programming an authentication service.

I know the practice of generating a unique salt per user, stored in the DB with the hashed password, to prevent rainbow tables attacks.

I just had the idea of adding a second salt, inside the code, not existing in the DB, so if the database is leaked (but not the code), even weak passwords are not vulnerable to brute force.

It seems to be a good idea to me, but as I'm not an expert I'd like to have the confirmation of people who are good at information security.
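The scheme the question describes (a per-user salt stored next to the hash, plus a server-side secret that never touches the database, usually called a pepper), as an added example that is not part of the original post. The pepper value, iteration count and function names are assumptions chosen for illustration; the last function only models what someone holding a leaked DB row but no pepper could compute.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed example pepper. In a real service this is loaded from
# application config or a secrets manager; it is never written to the DB.
PEPPER = b"example-server-side-secret-not-in-db"

# Work factor for PBKDF2-HMAC-SHA256 (assumed value for the example).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only salt and digest are stored in the DB."""
    if salt is None:
        salt = secrets.token_bytes(16)  # unique per user, defeats rainbow tables
    # The pepper is used as an HMAC key over the password *before* the slow
    # KDF, so a stored digest cannot be checked against guesses without it.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    pepper: bytes = PEPPER) -> bool:
    """Recompute with the same salt and pepper; compare in constant time."""
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, stored)


def guess_with_db_row_only(guess: str, salt: bytes, stored: bytes) -> bool:
    """Model of an offline check using only leaked DB data (salt + digest).

    Without the pepper the best that can be done is the unpeppered KDF,
    which never matches a peppered digest, even for the correct password.
    """
    digest = hashlib.pbkdf2_hmac("sha256", guess.encode("utf-8"), salt,
                                 PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, stored)
```

Because the pepper is mixed in before the KDF, changing it means re-hashing every user's password (typically at their next successful login), so it needs to be managed like any other long-lived key.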
