Secure Your Node.js Web Application by Karl Duuna

Store the Secret in a Safe Place

Let’s start with storage—you have to store the password somewhere so that you can validate that the user knows the secret. There’s a big difference between saving the password and saving the password securely.

First off, and I do hope I stress this enough, never, ever store passwords in plain text. That’s just asking for trouble. You may think that people who will see the passwords will already have access to the data, so what’s the big deal? Oh, how wrong you would be.

There are two important differences between storing passwords in plain text and storing them hashed: impersonation and collateral damage. First off, seeing the password in hashed format will not allow you to simply log in as the user because you still don’t ...