问题描述
我有用户登录表单。它有大约10个输入。我想保存该用户,随机生成密码和哈希,并将其保存并保存。如何实现呢?我在流星中使用Crypto.js找不到任何好的教程。我总是绊倒帐户密码包。 accounts-password
实际上是为你照顾这个。我希望实施细节的文档更好,但您可以在查看概述。
密码通过检查哈希进行验证,因此只有从客户端传递到服务器的散列版本才能通过bcrypt运行。
客户端:密码 - >网络:sha256(密码) - >服务器:bcrypt(sha256(密码))
这个实现的好处是:(a)服务器从来没有看到或存储密码相当的数据,(b)只需安装软件包即可完成所有操作。
另请参阅了解更多细节。
I have user sign in form. It has about 10 inputs. I want to save that user, random generate password and hash and salt it and save it. How to achieve that? I couldn't find any good tutorial for using Crypto.js in meteor. I always stumble upon account-password package.
accounts-password
actually takes care of this for you. I wish the documentation of the implementation details was better, but you can see an overview here.
Passwords are verified by examining hashes, so only a hashed version of the passed from the client to the server which is then run through bcrypt.
client: password --> network: sha256(password) --> server: bcrypt(sha256(password))
What's nice about this implementation is: (a) the server never sees or stores password-equivalent data, (b) it's all done for you just by installing the package.
Also see this hackpad for more details.
这篇关于流星加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!