stackoom
  简体   繁体   中英

NodeJS - Passport password appears as plain text in DB

 原文  2014-01-11 19:09:20       node.js/ passport.js

Question

Probably I am missing something here.

Got an Express server with MongoDB and i'm using passport to authenticate. I'm using one of the standard code example to signup and it seems ok, but I can see the password I type in the password field (plain text) in my DB.
I expected it to be encrypted...

Am i doing something wrong?

1 answers

solution1
 1 ACCPTED  2014-01-11 19:53:29

You have to hash the password yourself. Here is how to do it using brcypt: 

function hashPassword (password) {
    return bcrypt.hashSync(password, bcrypt.genSaltSync());
}

So before you save your user to the DB simply invoke that function like so: 

 user.password = hashPassword(thepassword);

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can I use Salt instead of plain text password in a Passport Strategy? NodeJS [Passport] Reset password How to secure my NodeJS code - no plain password and no text file if possible change password in nodejs, mongoDB with passport Sending a plain text password to nodejs express server. Am I overthinking password security? Can't compare password with hash Passport NodeJS NodeJS LDAP authentication using Passport and password encryption how to force password with passport google oauth in nodejs How to encrypt plain text in nodejs Passport bcrypt password is different than password from db
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM