  • node.js securing the username/password database

    Following on from my last post, I decided to have a look at a better solution for password hashing, as the last example just used SHA1, which is far from optimal. Here are some changes to handle hashing via a pbkdf2 function, which is far, far better and far more secure.


  • node.js, express, mongo, and passport

    Building on the tutorial from http://cwbuecheler.com/web/tutorials/2013/node-express-mongo/, I wanted to add passport support to allow basic authentication to the site, and there seemed to be a few too many conflicting and out-of-date instructions for what should have been a really simple process.

    The objective is local username/password authentication, and as we are doing that, we might as well be good and store a password hash, not the actual password, in the db. This could easily be extended to be properly salted, etc.
