[Web Security] Create a hashed and salted password that can be stored in the DB
We cannot store user passwords directly in the database.
What we need to do is create a hashed and salted string that represents the user's password.
This string is not reversible, and it is very hard for an attacker to guess the original password using dictionary attacks.
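
var crypto = require('crypto');

var password = "monkey";

// The numeric arguments are missing from the page; the values below are assumed placeholders.
var SALT_BYTES = 16;
var ITERATIONS = 600000;
var KEY_BYTES = 32;

// randomBytes: generate a salt per user; the salt should be stored with the hashed password in the database
crypto.randomBytes(SALT_BYTES, function(err, salt) {
  if (err) throw err;
  // pbkdf2: combine the salt and the password with the hash algorithm to derive a value that is safe to store
  crypto.pbkdf2(password, salt, ITERATIONS, KEY_BYTES, 'sha256', function(err, hash) {
    if (err) throw err;
    console.log("The result of hashing " + password + " is:\n\n" + hash.toString('hex') + "\n\n");
  });
});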
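
The snippet above only computes the hash. The following added example (not code from the original post) shows the store-and-verify cycle it implies: the salt and iteration count are kept alongside the hash in one record, and login recomputes the hash and compares it in constant time. The function names, the `$`-separated record format and the parameter values are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Assumed parameters; the page does not state the values it used.
const ITERATIONS = 600000;
const SALT_BYTES = 16;
const KEY_BYTES = 32;
const DIGEST = 'sha256';
const SCHEME = 'pbkdf2-' + DIGEST;
const HEX = /^([0-9a-f]{2})+$/;

// Returns the single string to store in the user's row (constructed format):
//   pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>
function hashPassword(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(SALT_BYTES); // fresh salt for every user
  const hash = crypto.pbkdf2Sync(password, salt, iterations, KEY_BYTES, DIGEST);
  return [SCHEME, iterations, salt.toString('hex'), hash.toString('hex')].join('$');
}

// Recomputes the hash from the stored salt and iteration count and
// compares it with the stored hash. Malformed records are rejected.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 4 || parts[0] !== SCHEME) return false;

  const iterations = Number(parts[1]);
  if (!Number.isInteger(iterations) || iterations < 1) return false;

  // Buffer.from(..., 'hex') silently truncates bad input, so validate first.
  if (!HEX.test(parts[2]) || !HEX.test(parts[3])) return false;
  const salt = Buffer.from(parts[2], 'hex');
  const expected = Buffer.from(parts[3], 'hex');

  const actual = crypto.pbkdf2Sync(password, salt, iterations, expected.length, DIGEST);
  // Both buffers have the same length here, as timingSafeEqual requires.
  return crypto.timingSafeEqual(actual, expected);
}
```

Storing the iteration count in the record lets the work factor be raised later without invalidating hashes that were created with the old value.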