How to store passwords in the database
New Course Coming Soon:
Get Really Good at Git
You don’t. You don’t store passwords in the database. You store the password hash, a string generated from the password, but from which no one can go back to the original password value.
Using Node, install bcrypt
:
npm install bcrypt
Require it, and define the salt rounds value, we’ll use it later:
const bcrypt = require('bcrypt')
const saltRounds = 10
Create a password hash
Create a password hash using:
const hash = await bcrypt.hash('PASSWORD', saltRounds)
where PASSWORD
is the actual password string.
If you prefer callbacks:
bcrypt.hash('PASSWORD', saltRounds, (err, hash) => {
})
Then you can store the hash
value in the database.
Verify the password hash
To verify the password, compare it with the hash stored in the database using bcrypt.compare()
:
const result = await bcrypt.compare('PASSWORD', hash)
//result is true or false
Using callbacks:
bcrypt.compare('somePassword', hash, (err, result) => {
//result is true or false
})
Are you intimidated by Git? Can’t figure out merge vs
rebase? Are you afraid of screwing up something any time
you have to do something in Git? Do you rely on ChatGPT
or random people’s answer on StackOverflow to fix your
problems? Your coworkers are tired of explaining Git to
you all the time? Git is something we all need to use,
but few of us really master it. I created this course to
improve your Git (and GitHub) knowledge at a radical
level. A course that helps you feel less frustrated with
Git. Launching Summer 2024. Join the waiting list!
Here is how can I help you:
- COURSES where I teach everything I know
- THE VALLEY OF CODE your web development manual
- BOOTCAMP 2024 cohort in progress, next edition in 2025
- BOOKS 16 coding ebooks you can download for free on JS Python C PHP and lots more
- SOLO LAB everything I know about running a lifestyle business as a solopreneur
- Interesting links collection
- Follow me on X