[Web Security] Create a hashed, salted password which can be stored in the DB
We cannot store the user's password directly in the database.
What we need to do is create a hashed and salted string which represents the user's password.
This password is not reversible, and it is very hard for a hacker to guess the original password by using dictionary attacks.
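var crypto = require('crypto');
var password = "monkey";
// The numeric arguments are missing from the original listing; the values below are assumptions.
var SALT_BYTES = 16;      // salt length in bytes
var ITERATIONS = 600000;  // PBKDF2 iteration count
var KEY_BYTES = 32;       // length of the derived hash in bytes
// randomBytes: generate a salt per user; the salt should be stored with the hashed password in the database
crypto.randomBytes(SALT_BYTES, function(err, salt) {
    if (err) throw err;
    // pbkdf2: combine the salt with the password hashing algorithm to generate a safe password hash
    crypto.pbkdf2(password, salt, ITERATIONS, KEY_BYTES, 'sha256',
        function(err, hash) {
            if (err) throw err;
            console.log("The result of hashing " + password + " is:\n\n" +
                hash.toString('hex') + "\n\n");
        });
});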