Murtaja Ziad

Posted on Jun 11, 2020 • Originally published at blog.murtajaziad.xyz on May 24, 2020

Should you store the passwords in the database?

#database #passwords #node #javascript

Basically, NO you shouldn’t store the passwords in the database, you should store the password hash.

Silhouette of Mountain Under Cloudy Sky during Sunset — Pexels

Installing bcrypt:

Using Node, install bcrypt :

npm install bcrypt
# or
yarn add bcrypt

In your code, require bcrypt and define the salt rounds,

const bcrypt = require("bcrypt");
const saltRounds = 10;

Creating the password hash:

If you prefer using async/await :

let hash = await bcrypt.hash("password", saltRounds);

Or, if you prefer using callbacks :

bcrypt.hash('password', saltRounds, (error, hash) => {

});

Then you can store the resulting hash in the database, note that password refers to the password string.

Verifying the password hash:

If you need the verify the password hash, you should compare it with the hash stored in the database using bcrypt.compare() :

If you prefer using async/await :

let comparisonResult = await bcrypt.compare("password", hash);

Or, if you prefer using callbacks :

bcrypt.compare('password', hash, (error, comparisonResult) => {

});

Follow me on Twitter, and subscribe to my YouTube channel!

Simplify data collection in your JS app with a fully integrated form management platform. Includes support for custom question types, skip logic, integrated CCS editor, PDF export, real-time analytics & more. Integrates with any backend system, giving you full control over your data and no user limits.

Learn more

DEV Community

Should you store the passwords in the database?

Installing bcrypt:

Creating the password hash:

Verifying the password hash:

Top comments (0)

Create up to 10 Postgres Databases on Neon's free plan.

Read next

Mull It Over

IP of Requesting API

A Guide to Manage Access in SQL - GRANT, REVOKE, and Access Control

Express 5 is here, what’s new?

Okay