We cannot directly store user password in the database.

What need to do is creating a hashed & salted string which reperstanting the user password.

This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.

var crypto = require('crypto');

var password = "monkey";

// randomBytes: generate a salt pre user, salt should be stored with hashed password in the database
crypto.randomBytes(, function(err, salt) { // pbkdf2: combine the salt the hash password algorithm, to generate a safe password
crypto.pbkdf2(password, salt, , , 'sha256',
function(err, hash) { console.log("The result of hashing " + password + " is:\n\n" +
hash.toString('hex') + "\n\n"); }); });

[Web Security] Create a hash salt password which can stored in DB的更多相关文章

  1. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  2. SPRING SECURITY JAVA配置:Web Security

    在前一篇,我已经介绍了Spring Security Java配置,也概括的介绍了一下这个项目方方面面.在这篇文章中,我们来看一看一个简单的基于web security配置的例子.之后我们再来作更多的 ...

  3. System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(string, string)已过时的解决办法

    FormsAuthentication.HashPasswordForStoringInConfigFile 方法是一个在.NET 4.5中已经废弃不用的API,参见: https://msdn.mi ...

  4. Talk In Web Security(安全世界观): Devleping a Secure WebSite

    Writer:BYSocket(泥沙砖瓦浆木匠) 微博:BYSocket 豆瓣:BYSocket Reprint it anywhere u want. Why to write about Web ...

  5. ref:web security最新学习资料收集

    ref:https://chybeta.github.io/2017/08/19/Web-Security-Learning/ ref:https://github.com/CHYbeta/Web-S ...

  6. Portswigger web security academy:Cross-origin resource sharing (CORS)

    Portswigger web security academy:Cross-origin resource sharing (CORS) 目录 Portswigger web security ac ...

  7. Portswigger web security academy:OAth authentication vulnerable

    Portswigger web security academy:OAth authentication vulnerable 目录 Portswigger web security academy: ...

  8. Portswigger web security academy:SQL injection

    Portswigger web security academy:SQL injection 目录 Portswigger web security academy:SQL injection SQL ...

  9. Portswigger web security academy:Stored XSS

    Portswigger web security academy:Stored XSS 目录 Portswigger web security academy:Stored XSS Stored XS ...

随机推荐

  1. Alcatraz:管理Xcode插件

    简单介绍 Alcatraz是一个帮你管理Xcode插件.模版以及颜色配置的工具. 它能够直接集成到Xcode的图形界面中,让你感觉就像在使用Xcode自带的功能一样. 安装和删除 使用例如以下的命令行 ...

  2. hdu1078 FatMouse and Cheese(记忆化搜索)

    转载请注明出处:http://blog.csdn.net/u012860063 题目链接:pid=1078" target="_blank">http://acm. ...

  3. Android 学习笔记进阶14之像素操作

    在我们玩的游戏中我们会经常见到一些图像的特效,比如半透明等效果.要实现这种半透明效果其实并不难,需要我们懂得图像像素的操作. 不要怕,其实在Android中Bitmap为我们提供了操作像素的基本方法. ...

  4. Elasticsearch之源码编译

    前期博客 Elasticsearch之下载源码 步骤 (1)首先去git下载源码 https://github.com/elastic/elasticsearch/tree/v2.4.3 下载下来,得 ...

  5. Wget使用

    http://www.tuicool.com/articles/A7BRny wget / curl 是两个比较方便的测试http功能的命令行工具,大多数情况下,测试http功能主要是查看请求响应 头 ...

  6. Java总结之线程

    [线程的基本概念] 线程是一个程序内部的顺序控制流. 线程和进程的差别:   每一个进程都有独立的代码和数据空间(进程上下文),进程间的切换会有较大的开销.   线程能够看成是轻量级的进程,同一类线程 ...

  7. js23---工厂模式1

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/stri ...

  8. js05---js实现Map

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/stri ...

  9. 【2017"百度之星"程序设计大赛 - 初赛(B)】度度熊的交易计划

    [链接]点击打开链接 [题意] 在这里写题意 [题解] 先设一个超级源点,向每个片区都建一条边,容量为b,费用为-a; 然后从每个片区再连一条边,指向一个超级汇点. 容量为d,费用为c; 然后从起点到 ...

  10. GIS学习 Geoserver使用添加、删除、查询地图中的POI

    geoserverwfs:Querywfs:Deletewfs:Updatewfs:Insert  在geoserver自定义的地图中通过geoserver wfs 查询,删除,添加相关的POI. 相 ...