We cannot store user passwords directly in the database.

What we need to do is create a hashed and salted string that represents the user's password.

This stored value is not reversible, and it is very hard for an attacker to guess the original password using dictionary attacks.

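var crypto = require('crypto');

var password = "monkey";

// The numeric arguments are missing from the original listing; these values are assumptions.
var SALT_BYTES = 16, ITERATIONS = 600000, KEY_BYTES = 32;

// randomBytes: generate a salt per user; the salt should be stored with the hashed password in the database
crypto.randomBytes(SALT_BYTES, function(err, salt) {
  if (err) throw err;
  // pbkdf2: combine the salt and the password through the hash algorithm to derive the value to store
  crypto.pbkdf2(password, salt, ITERATIONS, KEY_BYTES, 'sha256', function(err, hash) {
    if (err) throw err;
    console.log("The result of hashing " + password + " is:\n\n" +
      hash.toString('hex') + "\n\n");
  });
});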
