Reputation: 87
Is it safe to upload your Node.js application that uses your own credentials to log in?
Edited: I am using my password and username (I am storing them in a JSON file and reading from this file) to log in to my account in an automated way. Is it safe to host this app, or will this threaten my privacy?
Upvotes: 0
Views: 653
Reputation: 2929
If you mean storing the username & password for the last user that logged in, the common approach is storing a token in the app.
I'm guessing you are logging in to an online service that you coded:
For instance, log in through the app to the server and get a token in exchange; next time, for auto login, send that token instead of the username & password. If the token is still valid (time limit, or login from another location should change/delete the token in the server), then the server should respond to you as if you are logged in.
If it is something else:
Like an offline app that still requires a login, if they create a user account in the app:
a) Hash the user's password with an encryption library, something like CryptoJS https://github.com/brix/crypto-js But remember, do not bundle the password with the app; on first launch ask for the password, then store it. So you can avoid accidental password sharing.
From docs:
var CryptoJS = require("crypto-js");
// Encrypt
var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString();
// Decrypt
var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var originalText = bytes.toString(CryptoJS.enc.Utf8);
console.log(originalText); // 'my message'
b) Just make the app remember the username only, and make the user use the password.
What you are going to follow depends on what you are trying to achieve and how your app works.
Upvotes: 1
Reputation: 131
You should never store the username and password in the JSON file, as you will be pushing the code to GitHub or Bitbucket. Storing the password will be very much vulnerable. Instead of that, you can store an encrypted version of the password, or you can use a database for storing the username and password.
Upvotes: 1
Reputation: 121
You should avoid storing your password anywhere. You could commit your code to GitHub with the password (very common) and your password could be publicly available. Also, you need to be able to trust the place where you are going to be hosting your server. You should make use of something like Azure Key Vault for storing your passwords if you are using Azure. If your application has to have the password stored, then have it hashed and salted; revealing the hashed and salted password will not be as bad as revealing your password.
Upvotes: 1
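The "hashed and salted" storage mentioned in the last answer, as an added example that is not part of any post on this page: it uses Node's built-in `crypto` scrypt function rather than CryptoJS, and the record format, function names and sample values are assumptions. It applies when the app itself checks a password the user types; a hash cannot be replayed to log in to another service.

```javascript
// Added example: salted password hashing with Node's built-in crypto (scrypt).
const { scryptSync, randomBytes, timingSafeEqual } = require("crypto");

const KEY_LEN = 64; // bytes of derived key kept in the record

// Returns a string that is safe to store: "scrypt$<salt hex>$<hash hex>".
function hashPassword(password) {
  const salt = randomBytes(16); // fresh random salt for every password
  const hash = scryptSync(password, salt, KEY_LEN);
  return ["scrypt", salt.toString("hex"), hash.toString("hex")].join("$");
}

// Recomputes the hash with the stored salt and compares in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split("$");
  if (parts.length !== 3 || parts[0] !== "scrypt") return false; // malformed record
  const salt = Buffer.from(parts[1], "hex");
  const expected = Buffer.from(parts[2], "hex");
  // Reject truncated or non-hex fields before comparing.
  if (salt.length === 0 || expected.length !== KEY_LEN) return false;
  const actual = scryptSync(password, salt, KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Constructed sample: what would go in the JSON file instead of the password.
function demo() {
  const record = { username: "alice", password: hashPassword("correct horse") };
  return {
    json: JSON.stringify(record),
    ok: verifyPassword("correct horse", record.password),
    bad: verifyPassword("wrong guess", record.password),
  };
}

console.log(demo());
```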