We cannot store a user's password directly in the database.

What we need to do is create a hashed and salted string that represents the user's password.

This hash is not reversible, and it is very hard for an attacker to guess the original password by using dictionary attacks.

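var crypto = require('crypto');

var password = "monkey";

// Assumption: the page omits the numeric arguments; these values are chosen here so the code runs.
var SALT_BYTES = 16;     // salt length in bytes
var ITERATIONS = 600000; // PBKDF2 iteration count
var KEY_BYTES = 32;      // derived key length in bytes

// randomBytes: generate a salt per user; the salt should be stored with the hashed password in the database
crypto.randomBytes(SALT_BYTES, function(err, salt) {
  if (err) throw err;
  // pbkdf2: combine the salt and the password with the hash algorithm to generate a safe password hash
  crypto.pbkdf2(password, salt, ITERATIONS, KEY_BYTES, 'sha256', function(err, hash) {
    if (err) throw err;
    console.log("The result of hashing " + password + " is:\n\n" + hash.toString('hex') + "\n\n");
  });
});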
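
The salt has to be stored with the hash so that the same derivation can be repeated at login. The following is an added example, not code from the original page: it packs the parameters, salt and hash into one string for a single database column and checks a login attempt with a constant-time comparison. The function names, the `$`-separated record format and the numeric parameters are assumptions chosen for this illustration.

```javascript
const crypto = require('crypto');

// Assumed parameters (not given on the original page); tune the iteration count to your hardware.
const DIGEST = 'sha256';
const ITERATIONS = 600000;
const SALT_BYTES = 16;
const KEY_BYTES = 32;
const HEX = /^([0-9a-f]{2})+$/;

// Build one self-describing record: pbkdf2$<digest>$<iterations>$<salt hex>$<hash hex>
function hashPassword(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(SALT_BYTES); // fresh random salt for every user
  const hash = crypto.pbkdf2Sync(password, salt, iterations, KEY_BYTES, DIGEST);
  return ['pbkdf2', DIGEST, iterations, salt.toString('hex'), hash.toString('hex')].join('$');
}

// Re-derive the hash from the stored salt and parameters, then compare in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2' || parts[1] !== DIGEST) return false;
  const iterations = Number(parts[2]);
  if (!Number.isInteger(iterations) || iterations < 1) return false;
  if (!HEX.test(parts[3]) || !HEX.test(parts[4])) return false; // reject malformed records
  const salt = Buffer.from(parts[3], 'hex');
  const expected = Buffer.from(parts[4], 'hex');
  const actual = crypto.pbkdf2Sync(password, salt, iterations, expected.length, DIGEST);
  // Both buffers have the same length by construction, as timingSafeEqual requires.
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample data: the password used on the page and a wrong guess.
const record = hashPassword('monkey');
console.log(record);
console.log(verifyPassword('monkey', record));
console.log(verifyPassword('donkey', record));
```

Because the iteration count travels inside the record, it can be raised later for new hashes without breaking verification of existing ones.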
