Answer the question
In order to leave comments, you need to log in
How to securely store user passwords?
Hello!
Started developing web application backend using nodeJS + express.js + MongoDB.
It is necessary to store a part of user data safely, with the so-called "double" protection.
There is an idea to create 2 dockers, the main application will be spinning on one, and the database with information will be placed on the second. The second docker does not have access to the external network. Pulling information from the 2nd docker to the 1st is carried out using secure communication (how to implement it, I haven’t figured it out yet, maybe there are ideas?). How safe is this approach, what approaches do you use?
UPD: I didn’t find a full way to protect myself, the idea does not provide the necessary security through dockers, I decided to use a master key, each user has his own, each user’s data will be encrypted, each will have his own key and will not be stored in the system.
Answer the question
In order to leave comments, you need to log in
Generally speaking, you should store not user passwords, but their cryptographic hash of the password, according to one of the uncompromised cryptographic protocols, for example SHA-256, SHA-512 (theoretically compromised).
See article SHA-2
It is safe to store passwords in clear text in Monge and in a Docker container. Gee gee (rubbing his hands)
Proof of the link:
https://www.opennet.ru/opennews/art.shtml?num=45817
https://www.troyhunt.com/the-773-million-record-co...
You can't just store "naked" passwords, you can store an encrypted hash mixed with a "salt". If without "salt" - the password will be easier to decrypt.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question