I am in the process of developing a web application using Node.js and Express, using CouchDB as the database.CouchDB has a built in _users database, however I don't want the end user of my application to have direct access to my DB for obvious security reasons. My current thinking on a solution was to have a collection of documents called "accounts" that represents a regular user of my application (not a database user).The documents for each user would hold user information like a name, email, username, and password. I want to make sure that the user password is encrypted and hidden properly, so that actual DB users could not just look and see their password. What are my options, and what are some good resources on how to secure a "password" field within a CouchDB document? I've searched the docs, but I can't seem to find anything beyond creating a DB user. Is there a JS solution in Node to encrypting passwords before saving them to the DB?
Submitted January 21, 2020 at 04:19AM by CCM141516
No comments:
Post a Comment