Web Security: How to store passwords in the database

You don’t. You don’t store passwords in the database. You store the password hash: a string generated from the password, from which no one can go back to the original password value.

Using Node, install bcrypt:

npm install bcrypt

Require it and define the salt rounds value, which we’ll use later:

const bcrypt = require('bcrypt')

const saltRounds = 10

Create a password hash

Create a password hash using:

const hash = await bcrypt.hash('PASSWORD', saltRounds)

where PASSWORD is the actual password string.

If you prefer using callbacks:

bcrypt.hash('PASSWORD', saltRounds, (err, hash) => {
  //hash is the value to store in the database
})

Then you can store the hash value in the database.

Verify the password hash

To verify the password, compare it with the hash stored in the database using bcrypt.compare():

const result = await bcrypt.compare('PASSWORD', hash) 
//result is true or false

Using callbacks:

bcrypt.compare('somePassword', hash, (err, result) => {
  //result is true or false
})
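
The string returned by bcrypt.hash() carries the algorithm version, the cost (the saltRounds value) and the salt, which is why bcrypt.compare() needs only the password and the stored value. The block below is an added example, not code from the original article, and goes beyond the steps above: it parses a stored hash to find rows created with a lower saltRounds than the current one, and checks bcrypt's 72-byte input limit. The function names and the sample hash are constructed for illustration.

```javascript
// Added example: inspects stored bcrypt hash strings. It does not compute hashes,
// so it runs without the bcrypt package installed.

// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest> (60 chars total)
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/

// Constructed sample in the right shape; it is not the hash of any real password.
const SAMPLE_HASH = '$2b$10$' + 'A'.repeat(22) + 'B'.repeat(31)

// Split a stored value into its fields, or return null if it is not bcrypt-shaped.
function parseBcryptHash(stored) {
  if (typeof stored !== 'string') return null
  const m = BCRYPT_RE.exec(stored)
  if (!m) return null
  const cost = Number(m[2])
  if (cost < 4 || cost > 31) return null // bcrypt accepts costs 4 to 31 only
  return { version: m[1], cost, salt: m[3], digest: m[4] }
}

// Classify a stored value against the saltRounds the application uses today:
//   'invalid' - not a bcrypt hash (plain text, truncated column, other scheme)
//   'rehash'  - valid, but weaker than the current cost; after the next
//               successful bcrypt.compare(), hash the password again and
//               overwrite the stored value
//   'ok'      - valid and at least as strong as the current cost
function hashStatus(stored, saltRounds) {
  const parsed = parseBcryptHash(stored)
  if (parsed === null) return 'invalid'
  return parsed.cost < saltRounds ? 'rehash' : 'ok'
}

// bcrypt uses only the first 72 bytes of its input, so two long passwords that
// share their first 72 bytes verify against the same hash. Count bytes, not
// characters: non-ASCII characters take more than one byte in UTF-8.
function exceedsBcryptInputLimit(password) {
  return Buffer.byteLength(password, 'utf8') > 72
}
```

Run hashStatus() over the stored values when you raise saltRounds, and reject or warn at registration when exceedsBcryptInputLimit() returns true.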
