DEV Community

Murtaja Ziad
Murtaja Ziad

Posted on • Originally published at blog.murtajaziad.xyz on

Should you store the passwords in the database?

#database #passwords #node #javascript

Basically, NO you shouldn’t store the passwords in the database, you should store the password hash.

Silhouette of Mountain Under Cloudy Sky during Sunset — Pexels

Installing bcrypt:

Using Node, install bcrypt :

npm install bcrypt
# or
yarn add bcrypt
Enter fullscreen mode Exit fullscreen mode

In your code, require bcrypt and define the salt rounds,

const bcrypt = require("bcrypt");
const saltRounds = 10;
Enter fullscreen mode Exit fullscreen mode

Creating the password hash:

If you prefer using async/await :

let hash = await bcrypt.hash("password", saltRounds);
Enter fullscreen mode Exit fullscreen mode

Or, if you prefer using callbacks :

bcrypt.hash('password', saltRounds, (error, hash) => {

});
Enter fullscreen mode Exit fullscreen mode

Then you can store the resulting hash in the database, note that password refers to the password string.

Verifying the password hash:

If you need the verify the password hash, you should compare it with the hash stored in the database using bcrypt.compare() :

If you prefer using async/await :

let comparisonResult = await bcrypt.compare("password", hash);
Enter fullscreen mode Exit fullscreen mode

Or, if you prefer using callbacks :

bcrypt.compare('password', hash, (error, comparisonResult) => {

});
Enter fullscreen mode Exit fullscreen mode

Follow me on Twitter, and subscribe to my YouTube channel!

Top comments (0)

Read next

heritech9 profile image

Week 4 Recap of #100DaysOfCode: From Creative CSS to JavaScript Adventures 🚀

heritech9 -

hassanazhar profile image

Detailed Comparison of Prettier, Biomejs, and VoidZero

Hassan Azhar -

hana_sato profile image

Real-Time Processing of Big Data: Tools and Best Practices

Hana Sato -

riteshshukla04 profile image

Building React Native In-App Modules bypassing the JS bridge.

Ritesh Shukla -