Reputation: 5179
I use the nodejs bcrypt library for better password protection.
I am not sure I understand exactly how to use it, but I got this so far:
//A module containing this login function ("client" is the database connection created elsewhere in the module)
var bcrypt = require('bcrypt');

module.exports = {
    login: function(credentials, req, res) {
        //"credentials" contains the email and password from the login form
        var query = 'SELECT password, email FROM users WHERE email = ? LIMIT 1';
        client.query(query, [credentials.email], function(err, results) {
            if (results[0]) {
                //Compare the submitted password with the stored bcrypt hash
                if (bcrypt.compareSync(credentials.password, results[0].password)) {
                    //Set session data and redirect to restricted area
                }
            }
        });
    }
};
I removed all the error handling here in the example so that it's easier to read the code.
1. This works and I am able to log in and set the session. But is this all there is to it? Am I missing something?
2. Looks like the salt is prepended to the password when generating the hash. Don't I have to save the salt in the DB?
Any help appreciated.
Upvotes: 8
Views: 5480
Reputation: 159135
Yes, this is all there is to it! The salt you generate when hashing the password originally is used to protect against rainbow table attacks; you do not need to persist it separately.
Upvotes: 6
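The answer's point, that the salt travels inside the stored hash string, as an added JavaScript example that is not code from the question or the answer: it parses bcrypt's output format, checks what a users row holds before comparing, and runs the login decision with the compare function injected. `parseBcryptHash`, `classifyStoredHash` and `verifyLogin` are hypothetical names, the sample hash string is constructed, and the real handler would pass `bcrypt.compare`.

```javascript
'use strict';
// Added example, not code from the question or answer. A bcrypt string is
// "$<version>$<cost>$<22-char salt><31-char digest>", so the salt lives in the same
// column as the hash and bcrypt.compare reads it back from there; no extra column needed.
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Constructed sample in bcrypt's format (structure only; not claimed to hash any password).
const SAMPLE_HASH = '$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';

function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(typeof stored === 'string' ? stored : '');
  if (!m) return null;
  return { version: m[1], cost: parseInt(m[2], 10), salt: m[3], digest: m[4] };
}

// Classify the value read from users.password before handing it to bcrypt:
//   'malformed' - not a bcrypt string (empty, plaintext, an old MD5 hex, ...)
//   'weak'      - valid, but hashed with a cost below minCost; rehash after a good login
//   'ok'        - compare as-is
function classifyStoredHash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  if (!parsed) return 'malformed';
  return parsed.cost < minCost ? 'weak' : 'ok';
}

// Login check with the compare function injected so this runs without the bcrypt module;
// in the real handler pass bcrypt.compare (async, so it does not block the event loop the
// way compareSync does). The signature matches bcrypt.compare(password, hash, callback).
// Calls cb(err, outcome) with outcome 'ok' | 'rehash' | 'denied'.
function verifyLogin(row, password, compare, minCost, cb) {
  const state = row ? classifyStoredHash(row.password, minCost) : 'malformed';
  if (state === 'malformed') {
    // Unknown email or unusable hash. Production code would still run compare against a
    // fixed dummy hash here so response time does not reveal whether the email exists.
    return cb(null, 'denied');
  }
  compare(password, row.password, function (err, same) {
    if (err) return cb(err);
    if (!same) return cb(null, 'denied');
    cb(null, state === 'weak' ? 'rehash' : 'ok');
  });
}
```

When the outcome is 'rehash', the handler already has the plaintext password in hand and can store a fresh `bcrypt.hash` at the current cost before setting the session.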