I use the nodejs bcrypt library for better password protection.

I am not sure I understand exactly how to use it, but I got this so far:

//A module containing this login function:

login: function(credentials, req, res) {

    //"credentials" contains the email and password from the login form
    var query = 'SELECT password, email FROM users WHERE email = ? LIMIT 1';

    client.query(query, [credentials.email], function(err, results) {
        if (results[0]) {
            //Compare the submitted password with the stored bcrypt hash
            if (bcrypt.compareSync(credentials.password, results[0].password)) {
                //Set session data and redirect to restricted area
            }
        }
    });
}

I removed all the error handling here in the example so that it's easier to read the code.

1. This works and I am able to log in and set the session. But is this all there is to it? Am I missing something?

2. Looks like the salt is prepended to the password when generating the hash. Don't I have to save the salt in the db?

Any help appreciated

Asked May 28, 2012 at 0:00 by georgesamper; edited Jun 5, 2012 at 20:58

1 Answer

Yes, this is all there is to it! The salt you generate when encrypting the password originally is used to prevent against rainbow table attacks; you do not need to persist it.
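
The string bcrypt produces carries the version, cost and salt in front of the digest, which is why compareSync needs only the stored value. The parser below is an added example, not part of the original answer or of the bcrypt library; parseBcryptHash, auditStoredHash, the minCost policy and the sample string are assumptions made for illustration.

```javascript
// Layout of a bcrypt string (60 characters in total):
//   $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a stored value into its fields, or return null if it is not
// a well-formed bcrypt string.
function parseBcryptHash(stored) {
  if (typeof stored !== 'string') return null;
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null; // truncated column, other algorithm, or corruption
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt defines costs 4..31 only
  return { version: m[1], cost: cost, salt: m[3], digest: m[4] };
}

// Hypothetical helper: classify a stored value against a minimum cost policy.
//   'invalid' -> reject the login and investigate the stored data
//   'rehash'  -> verify as usual, then re-hash the password at a higher cost
//   'ok'      -> nothing to do
function auditStoredHash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  if (!parsed) return 'invalid';
  return parsed.cost < minCost ? 'rehash' : 'ok';
}

// Sample value in bcrypt format, used for illustration only.
const SAMPLE = '$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW';

console.log(parseBcryptHash(SAMPLE));
console.log(auditStoredHash(SAMPLE, 12));
// A password column shorter than 60 characters silently truncates the
// value, and every later comparison then fails.
console.log(auditStoredHash(SAMPLE.slice(0, 50), 12));
```

The password column must hold the full 60 characters; storing the salt in a second column adds nothing.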
