Ali Hamza

Day57 of Learning MERN Stack

Hello Dev Community! 👋

It is officially Day 57 of my daily coding run toward full-stack engineering mastery! Yesterday, I configured express sessions, cookies, and request validation checkpoints. Today, I stepped into core cybersecurity inside Prashant Sir's backend masterclass track: Implementing Password Hashing and Secure User Persistence via Bcrypt!

Storing credentials in plain text inside a database is one of the most dangerous anti-patterns in software engineering. Today, I upgraded my authentication engine to ensure that user passwords are hashed into secure, irreversible cryptographic digests before they ever hit the database cluster!


🧠 Key Learnings From Day 57 (Cryptographic Hashing & Salting)

Securing authentication records requires understanding one-way hash functions and asynchronous hashing in the request pipeline:

1. The Power of Irreversible Hashing vs Encryption

I learned that passwords should not be "encrypted" (which implies they can be decrypted back to plain text). Instead, they are hashed using a one-way mathematical function. Even if an intruder accesses the database, they only see an unreadable string block that cannot be reversed.

2. What is a Salt Round? (bcrypt.hash)

I used the industrial-grade bcryptjs library to hash passwords. Bcrypt mixes a random string called a Salt into the raw input before hashing it, and stores that salt alongside the result. This ensures that even if two users choose the exact same password, their generated hashes look completely different! I configured 12 salt rounds (bcrypt's cost factor, so 2^12 iterations of its key setup) to achieve an optimal balance between brute-force resistance and server CPU performance:


```javascript
const bcrypt = require('bcryptjs');
const User = require('../models/user'); // Mongoose User model; path assumed, not shown in the post

// A look at how I implemented secure user registration today
exports.postSignup = async (req, res) => {
    const { email, password } = req.body;

    try {
        // Asynchronously generating a secure hash with 12 salt rounds (cost factor)
        const hashedPassword = await bcrypt.hash(password, 12);

        // Initializing a new User document with the hashed credential string;
        // the plain-text password is never persisted
        const newUser = new User({
            email: email,
            password: hashedPassword
        });

        await newUser.save();
        res.redirect('/login');
    } catch (err) {
        console.log(err);
        // Always answer the request, otherwise the client hangs on an error
        res.status(500).send('Signup failed');
    }
};
```