Some fields namely password need to be hashed #52

Open
jrans opened this issue Sep 28, 2016 · 3 comments

jrans commented Sep 28, 2016

Use bcrypt to hash fields before saving confidential information which should not be stored in db like password.

Have functionality to hash any payload based on fields config but have put on shelf. #58

Now will only hash "password" field before saving as our sole means of verification.


nelsonic commented Sep 29, 2016

Passwords need to be hashed when they are inserted into the Database.
But they need to be in plaintext when you are comparing to an existing password that is stored in the DB so hashing it prematurely and discarding the plaintext is kinda useless ... 😕
see: https://github.com/ncb000gt/node.bcrypt.js/#to-check-a-password

https://www.youtube.com/watch?v=1in5wAVOyIk
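
The point made in the comment above, as an added example that is not part of the thread or the project's code: the stored hash carries a random salt, so the login payload has to arrive as plaintext and be checked against the stored value rather than hashed up front. Node's built-in scrypt stands in for bcrypt here so the block runs without dependencies; the `salt$hash` storage format, the function names and the in-memory `users` map are assumptions.

```javascript
const crypto = require('crypto');

const KEY_LEN = 32; // bytes of derived key (assumed value for this example)

// Registration: derive a key with a fresh random salt, store salt and key together.
function hashPassword(plaintext) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(plaintext, salt, KEY_LEN);
  return `${salt.toString('hex')}$${key.toString('hex')}`;
}

// Login: re-derive from the submitted plaintext using the STORED salt,
// then compare in constant time.
function verifyPassword(plaintext, stored) {
  const [saltHex, keyHex] = stored.split('$');
  if (!saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, 'hex');
  if (expected.length !== KEY_LEN) return false; // malformed record
  const actual = crypto.scryptSync(plaintext, Buffer.from(saltHex, 'hex'), KEY_LEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Hypothetical in-memory stand-in for the users table.
const users = new Map();

function register(username, password) {
  users.set(username, hashPassword(password)); // only the hash is stored
}

// Flawed approach: hash the login payload first, then compare strings.
// The new hash uses a new salt, so it never equals the stored one.
function loginByRehashing(username, password) {
  return users.get(username) === hashPassword(password);
}

// Working approach: keep the plaintext until it has been verified.
function login(username, password) {
  const stored = users.get(username);
  if (stored === undefined) return false;
  return verifyPassword(password, stored);
}

register('alice', 'correct horse battery staple'); // constructed sample data
```
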


jrans commented Sep 29, 2016

@nelsonic yep realised, though maybe with asynchronous validation functions we could use the compare method of bcrypt with a db request, which could be useful to validate the login request with joi? See progress of async extensions (could also be used for checking username unique etc) but yes original proposal flawed!


jrans commented Sep 29, 2016

Note columns in db storing hashes need to be of length 60char
