Salt and hashed password missing on some users
Question
I use a mongodb database for my users and bcrypt to store salt and hashed password on each all them.
All except the first 100 that signed up before I required password. They miss those properties.
What is the right approach now? Do I randomize salt and hash and write it on these users? Do I change the authentication code to check if salt/password is undefined (now it just crashes)?
What are the best practices in a situation like this?
1 answers
solution1
0 ACCPTED 2017-01-13 10:26:09
First of all you should always check if the data is there. For any real service crashing is not an option.
If you want everyone to have a password now then you have two options: either require those users to set up a password before they can do anything else, or just set a random password to them and email it to them.
The first option is harder to do because it can mean adding a lot of new logic. The second one is easier but you risk that people cannot log in because the emails got lost.
In any case your code should always be ready for a situation when some data in the database is missing or incorrect so even if you add passwords to all of the users, you should still check if it is there instead of crashing if it isn't.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.