Reputation: 3592
After calling Accounts.createUser(), I'd like to validate the password string on the server (that it is of allowed length and so forth).
As far as I know, Meteor sends a SHA256 hash to the server instead of plaintext.
So is there a way to look up that hash and get a plaintext password on the server?
More generally: is there a way to validate a password server side?
Update
After reading up on hashes (link supplied in comments) and some more research, I've understood there's no way to look up a hash, plus I've found out that a sha256 string can encode terabytes of string input, but is always 64 chars in length itself.
So no need to worry about password length bytesize in DB. Good to know =)
Upvotes: 0
Views: 101
Reputation: 4049
You are not supposed to have plaintext passwords on the server. If you did that, you could technically store the password as plaintext instead of hashing it, which is a security no-no.
If you really wanted to do this (and I don't recommend it), you would have to remove the accounts-password package and roll your own (insecure) authentication.
Upvotes: 1
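The split discussed in this thread, as an added example that is not part of the original question or answer and is not Meteor's own code: length rules can only be applied where the plaintext exists (the client, before hashing), while the server can only check the shape of the digest and compare it against digests of passwords it refuses outright. It assumes the client sends a lowercase hex SHA-256 digest, as the question describes; the function names, length limits and the small denylist are constructed for illustration.

```javascript
// Added example. Assumption: the server receives hex(SHA-256(password)).
const { createHash } = require("node:crypto");

const sha256Hex = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Constructed sample denylist; a real deployment would load a larger list.
const DENYLIST = ["", "password", "123456", "qwerty"];
const DENIED_DIGESTS = new Set(DENYLIST.map(sha256Hex));

// Client side, before hashing: the only place where length is visible.
function validatePlaintext(password, minLen = 8, maxLen = 128) {
  if (typeof password !== "string") return "not-a-string";
  const n = [...password].length; // count code points, not UTF-16 units
  if (n < minLen) return "too-short";
  if (n > maxLen) return "too-long";
  return null;
}

// Server side: only the digest is available, so only two checks are possible.
function validateDigest(digest) {
  // 1. Shape: a SHA-256 digest is always exactly 64 hex characters.
  if (typeof digest !== "string" || !/^[0-9a-f]{64}$/.test(digest)) {
    return "malformed-digest";
  }
  // 2. Equality against digests of passwords that are refused outright.
  if (DENIED_DIGESTS.has(digest)) return "denylisted-password";
  return null; // length and character rules cannot be verified here
}

// Hypothetical client helper: validate first, then hash for transport.
function clientPrepare(password) {
  const err = validatePlaintext(password);
  return err ? { error: err } : { digest: sha256Hex(password) };
}
```

A client that skips `validatePlaintext` is still caught by `validateDigest` for the denylisted values, but a short password outside the denylist passes the server check, which is why the length rule cannot be enforced from the digest alone.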