
Nodejs bcrypt library


I use the nodejs bcrypt library for better password protection.

I am not sure I understand exactly how to use it, but I got this so far:

// A module containing this login function:
login: function(credentials, req, res) {
    // "credentials" contains the email and password from the login form
    var query = 'SELECT password, email FROM users WHERE email = ? LIMIT 1';

    client.query(query, [credentials.email], function(err, results) {
        if (results[0]) {
            // Compare the submitted password with the stored bcrypt hash
            if (bcrypt.compareSync(credentials.password, results[0].password)) {
                // Set session data and redirect to restricted area
            }
        }
    });
}

I removed all the error handling here in the example so that it's easier to read the code.

1. This works and I am able to log in and set the session. But is this all there is to it? Am I missing something?

2. Looks like the salt is prepended to the password when generating the hash. Don't I have to save the salt in the db?

Any help appreciated

Yes, this is all there is to it! The salt you generate when encrypting the password originally is used to protect against rainbow table attacks; you do not need to persist it.
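
An added example, not part of the original question or answer: bcrypt's output string carries the version, cost and salt alongside the digest, which is why `compareSync` needs only the stored hash column. The parser below splits that string and decodes the salt; `needsRehash`, the other function names and the sample hash string are assumptions for illustration.

```javascript
// Added example: split a bcrypt hash string into its fields (no bcrypt module needed).
// bcrypt uses its own base64 alphabet (ordering differs from RFC 4648).
const BCRYPT_B64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null; // not a bcrypt string (plaintext or another scheme)
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Decode the 22-character salt field back to the 16 random bytes it encodes.
function decodeSalt(saltField) {
  const bytes = [];
  let acc = 0, bits = 0;
  for (const ch of saltField) {
    const v = BCRYPT_B64.indexOf(ch);
    if (v < 0) throw new Error('invalid bcrypt base64 character');
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(bytes); // 132 bits in, 16 bytes out, 4 padding bits dropped
}

// Hypothetical login-time policy check: re-hash after a successful compare
// when the stored value is not bcrypt or its cost is below the current minimum.
function needsRehash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  return parsed === null || parsed.cost < minCost;
}

// Sample bcrypt-format string used only to illustrate the layout (not from the page).
const SAMPLE = '$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW';
const fields = parseBcryptHash(SAMPLE);
console.log(fields, decodeSalt(fields.salt).toString('hex'), needsRehash(SAMPLE, 12));
```

Because a fresh salt is generated per hash, two users with the same password get different stored strings, and each string is self-describing enough for a later cost upgrade.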
