流星加密 [英] Encryption in Meteor

问题描述

我有用户登录表单。它有大约10个输入。我想保存该用户，随机生成密码和哈希，并将其保存并保存。如何实现呢？我在流星中使用Crypto.js找不到任何好的教程。我总是绊倒帐户密码包。

解决方案

accounts-password 实际上是为你照顾这个。我希望实施细节的文档更好，但您可以在此处查看概述。

密码通过检查哈希进行验证，因此只有从客户端传递到服务器的散列​​版本才能通过bcrypt运行。

客户端：密码 - >网络：sha256（密码） - >服务器：bcrypt（sha256（密码））

这个实现的好处是：（a）服务器从来没有看到或存储密码相当的数据，（b）只需安装软件包即可完成所有操作。

另请参阅这个hackpad 了解更多细节。

I have user sign in form. It has about 10 inputs. I want to save that user, random generate password and hash and salt it and save it. How to achieve that? I couldn't find any good tutorial for using Crypto.js in meteor. I always stumble upon account-password package.

解决方案

accounts-password actually takes care of this for you. I wish the documentation of the implementation details was better, but you can see an overview here.

Passwords are verified by examining hashes, so only a hashed version of the passed from the client to the server which is then run through bcrypt.

client: password --> network: sha256(password) --> server: bcrypt(sha256(password))

What's nice about this implementation is: (a) the server never sees or stores password-equivalent data, (b) it's all done for you just by installing the package.

Also see this hackpad for more details.

这篇关于流星加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！