We cannot directly store user password in the database.

What need to do is creating a hashed & salted string which reperstanting the user password.

This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.

var crypto = require('crypto');

var password = "monkey";

// randomBytes: generate a salt pre user, salt should be stored with hashed password in the database

crypto.randomBytes(, function(err, salt) {

  // pbkdf2: combine the salt the hash password algorithm, to generate a safe password

  crypto.pbkdf2(password, salt, , , 'sha256',

    function(err, hash) {

      console.log("The result of hashing " + password + " is:\n\n" +

        hash.toString('hex') + "\n\n");

    });

});

[Web Security] Create a hash salt password which can stored in DB的更多相关文章

  1. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  2. SPRING SECURITY JAVA配置:Web Security

    在前一篇,我已经介绍了Spring Security Java配置,也概括的介绍了一下这个项目方方面面.在这篇文章中,我们来看一看一个简单的基于web security配置的例子.之后我们再来作更多的 ...

  3. System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(string, string)已过时的解决办法

    FormsAuthentication.HashPasswordForStoringInConfigFile 方法是一个在.NET 4.5中已经废弃不用的API,参见: https://msdn.mi ...

  4. Talk In Web Security(安全世界观): Devleping a Secure WebSite

    Writer:BYSocket(泥沙砖瓦浆木匠) 微博:BYSocket 豆瓣:BYSocket Reprint it anywhere u want. Why to write about Web ...

  5. ref:web security最新学习资料收集

    ref:https://chybeta.github.io/2017/08/19/Web-Security-Learning/ ref:https://github.com/CHYbeta/Web-S ...

  6. Portswigger web security academy:Cross-origin resource sharing (CORS)

    Portswigger web security academy:Cross-origin resource sharing (CORS) 目录 Portswigger web security ac ...

  7. Portswigger web security academy:OAth authentication vulnerable

    Portswigger web security academy:OAth authentication vulnerable 目录 Portswigger web security academy: ...

  8. Portswigger web security academy:SQL injection

    Portswigger web security academy:SQL injection 目录 Portswigger web security academy:SQL injection SQL ...

  9. Portswigger web security academy:Stored XSS

    Portswigger web security academy:Stored XSS 目录 Portswigger web security academy:Stored XSS Stored XS ...

随机推荐

  1. ORACLE遞歸查詢

    ORACLE支持常規的用CTE遞歸的方式實現遞歸查詢,也有自己特有的查詢方式,ORACLE文檔中叫層次數據查詢. 這裏通過一個簡單的样例來介紹這兩種查詢方式. 數據準備: CREATE TABLE T ...

  2. POJ 2374 线段树建图+Dijkstra

    题意: 思路: 线段树+Dijkstra(要堆优化的) 线段树要支持打标记 一个栅栏 拆成两个点 :左和右 新加一个栅栏的时候 看看左端点有没有被覆盖过 如果有的话 就分别从覆盖的那条线段的左右向当前 ...

  3. Spring Cloud Netflix Eureka client源码分析

    1.client端 EurekaClient提供三个功能: EurekaClient API contracts are:* - provide the ability to get Instance ...

  4. java poi操作excel示例代码

    import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io ...

  5. 在电子商务里,一般会提到这样几个词:商品、单品、SPU、SKU

    简单理解一下,SPU是标准化产品单元,区分品种:SKU是库存量单位,区分单品:商品特指与商家有关的商品,可对应多个SKU. 首先,搞清楚商品与单品的区别.例如,iphone是一个单品,但是在淘宝上当很 ...

  6. java使double保留两位小数的多方法

    java使double保留两位小数的多方法 java保留两位小数 mport java.text.DecimalFormat; DecimalFormat df = new DecimalFormat ...

  7. Linux下关机命令的区别 (halt,poweroff,reboot,shutdown,init)

    1.shutdown shutdown命令安全地将系统关机.    而在系统关机前使用shutdown命令﹐系统管理员会通知所有登录的用户系统将要关闭.并且login指令会被冻结﹐即新的用户不能再登录 ...

  8. 【2017 Multi-University Training Contest - Team 2】 Is Derek lying?

    [Link]: [Description] 两个人都做了完全一样的n道选择题,每道题都只有'A','B','C' 三个选项,,每道题答对的话得1分,答错不得分也不扣分,告诉你两个人全部n道题各自选的是 ...

  9. 【hdu 6038】Function

    [Link]:http://codeforces.com/contest/834/problem/C [Description] 给你两个排列a和b; a排列的长度为n,b排列的长度为m; a∈[0. ...

  10. Codeforces Round #316 (Div. 2) A B C

    A. Elections time limit per test 1 second memory limit per test 256 megabytes input standard input o ...