In the advanced node boilerplate, I see passwords ...
# prisma-whats-newd
Devin
03/17/2018, 3:34 PMIn the advanced node boilerplate, I see passwords are stored directly in the database. Does anyone know how secure that is?
j
jamiehalvorson
03/17/2018, 3:38 PMIf I remember correctly they are hashed using the
bcryptsjsd
Devin
03/17/2018, 3:38 PMoh that's great. Thanks for the quick response
e
ehodges
03/17/2018, 4:36 PMOther considerations:
The boilerplates only have 10 rounds (as I recall) of bcrypt. We probably should be using more. I don't know what a good number is though.
Also there is the issue of storing JWT's in local storage. I want to learn how to store them in secure cookies, but I have not learned this yet.
👍 1
l
lawjolla
03/17/2018, 6:06 PM@ehodges id recommend learning content security policy. Make a good CSP and make sure your JS files are trusted, and XSS is nearly impossible
👍 1
e
ehodges
03/17/2018, 6:11 PMYes, I have it bookmarked
2 Views