In the advanced node boilerplate, I see passwords ...
# prisma-whats-new
d
In the advanced node boilerplate, I see passwords are stored directly in the database. Does anyone know how secure that is?
j
If I remember correctly they are hashed using the bcryptjs package; they aren't stored as plain strings, so it should be pretty secure.
d
Oh, that's great. Thanks for the quick response.
e
Other considerations: The boilerplates only have 10 rounds (as I recall) of bcrypt. We probably should be using more. I don't know what a good number is, though. Also there is the issue of storing JWTs in local storage. I want to learn how to store them in secure cookies, but I have not learned this yet.
l
@ehodges I'd recommend learning Content Security Policy. Make a good CSP and make sure your JS files are trusted, and XSS is nearly impossible.
e
Yes, I have it bookmarked.