Over the years, I have been able to adopt an interesting approach to register a user as well as log in the user. I am delighted to share a few decisi...
Thanks for sharing your thoughts on Authentication, but please don't roll your own Authentication/Authorization, instead use battle proved solutions in the community.
Why, you may ask?
Because these are very security sensitive things that can easily go wrong, like you have just done here in your solution.
What did I do wrong?
Well, to start with, you should NEVER return the user data like the password hash, this is a terribly bad thing to do from any perspective you may look at it, plus returning the _id is also not advisable.
Some other things are not quite OK as well, but I leave that as an exercise for you to figure out. To help you with that I recommend you to read the OWASP API Security Top 10, and afterwards I hope that you will see that you are incurring some of the top 10 security risks.
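Added example, not part of the comment above or of the original post: one way to keep the password hash and _id out of an API response is to build the response from an allow-list and to scan outgoing bodies for forbidden keys in tests. Every field name except _id is an assumed schema, and the user record is constructed.

```javascript
// Added example. Field names other than _id are assumptions; the record is constructed.
const PUBLIC_FIELDS = ['username', 'email', 'createdAt']; // allow-list (assumed schema)
const FORBIDDEN_KEYS = new Set(['_id', '__v', 'password', 'passwordhash', 'hash', 'salt']);

// Build the response from an allow-list, so a field added to the schema later
// is not exposed unless someone explicitly opts it in.
function toPublicUser(doc) {
  // Mongoose documents expose toObject(); plain objects are used as they are.
  const src = typeof doc.toObject === 'function' ? doc.toObject() : doc;
  const out = {};
  for (const key of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(src, key)) out[key] = src[key];
  }
  return out;
}

// Recursively list the paths in a response body whose key is on the forbidden list.
// Intended for tests or a development-only response check.
function findLeakedFields(body, path = '') {
  if (body === null || typeof body !== 'object') return [];
  const leaks = [];
  for (const [key, value] of Object.entries(body)) {
    const here = path ? `${path}.${key}` : key;
    if (FORBIDDEN_KEYS.has(key.toLowerCase())) leaks.push(here);
    leaks.push(...findLeakedFields(value, here));
  }
  return leaks;
}

// Constructed sample record, shaped like a stored user document.
const storedUser = {
  _id: '000000000000000000000000',
  username: 'alice',
  email: 'alice@example.com',
  password: '<bcrypt-hash-placeholder>',
  createdAt: '2020-01-01T00:00:00.000Z',
  __v: 0,
};

// Returning the stored document as-is versus returning the allow-listed view.
const leaky = { message: 'Login successful', user: storedUser };
const safe = { message: 'Login successful', user: toPublicUser(storedUser) };

console.log('leaky response exposes:', findLeakedFields(leaky));
console.log('safe response exposes:', findLeakedFields(safe));
```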
That's a good example of an Authentication with nodejs and mongoDB, I just use bcrypt to encrypt the password, this way, you don't work with a plain password but only with encrypted passwords.
Please read my reply to see why you shouldn't roll your own Authentication, and why this is not a good example of doing it.
Can I know your icon and color theme?
Hello αвιηαѕн, I use Webstorm IDE (WebStorm Material Theme)
I also use Webstorm but how can I find that icon theme and editor theme?
Install Material Theme
Hi Adeeyo, thanks for the post. It will help if you can use code blocks instead of images for your code. This will make it easier for people to copy the code if they want to do so.
Hi, Sarah thanks for your feedback, Noted.