[Web Security] Create a hash salt password which can stored in DB
Posted Answer1215
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了[Web Security] Create a hash salt password which can stored in DB相关的知识,希望对你有一定的参考价值。
We cannot directly store user password in the database.
What need to do is creating a hashed & salted string which reperstanting the user password.
This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.
var crypto = require(‘crypto‘); var password = "monkey"; // randomBytes: generate a salt pre user, salt should be stored with hashed password in the database crypto.randomBytes(256, function(err, salt) { // pbkdf2: combine the salt the hash password algorithm, to generate a safe password crypto.pbkdf2(password, salt, 100000, 512, ‘sha256‘, function(err, hash) { console.log("The result of hashing " + password + " is:\n\n" + hash.toString(‘hex‘) + "\n\n"); }); });
以上是关于[Web Security] Create a hash salt password which can stored in DB的主要内容,如果未能解决你的问题,请参考以下文章
System.Web.Security 在winform中是什么命名空间呢
Spring Security 4 @AuthenticationPrincipal 为空,core.annotation.AuthenticationPrincipal 但不是 web.bind.a
即使使用 create-session="stateless",Spring Security Oauth2 也会生成 jsessiond