[Web Security] Create a salted password hash that can be stored in the DB

We cannot store the user's password directly in the database.

What we need to do is create a hashed and salted string that represents the user's password.

This hash is not reversible, and it is very hard for an attacker to recover the original password from it by using dictionary attacks.

var crypto = require('crypto');

var password = "monkey";

// randomBytes: generate a random salt per user; the salt must be stored
// together with the hashed password in the database so the hash can be
// recomputed at login time
crypto.randomBytes(256, function(err, salt) {
  if (err) throw err;

  // pbkdf2: combine the salt with the password under a slow key-derivation
  // function (100000 iterations of HMAC-SHA256) to produce a hash that is
  // safe to store
  crypto.pbkdf2(password, salt, 100000, 512, 'sha256',
    function(err, hash) {
      if (err) throw err;

      console.log("The result of hashing " + password + " is:\n\n" +
        hash.toString('hex') + "\n\n");
    });
});
Time: 2024-12-20 16:38:09
