Secure Your Apps: Hashing Passwords in Node.js – Part 3 🔐

🚀View the updated 2020 Hashing Passwords tutorial at: https://chriscourses.com/courses/build-web-apps/hashing-passwords

🖥Professional Web Development Services from Chris: https://resovere.com/

Learn the basics behind hashing users' passwords and why it is so very important to do this within any password related app.

When it comes to securing your users' passwords, it's integral, no, absolutely necessary to hash your users' passwords before storing them in a database. Hashing is the process of scrambling up a user's password into a long string of characters that's undecipherable. The interesting thing about hashing: once you put the password in the hasher, there's no way to convert it back to its original form (at least from a mathematical standpoint). This helps ensure that your users' passwords are unreadable in the off chance someone happens to stumble upon the data in your database.

Code along with me as I demonstrate how to implement hashing functionality into our user based node app.

bcrypt npm link: https://www.npmjs.com/package/bcrypt


Video Git Repo (starts at part 1):
------------------------------------------------
https://github.com/christopher4lis/express-cc


Node Authentication Process:
------------------------------------------
// Add our boilerplate
// 1.x Git clone express-cc repo
// 2.x Run yarn / npm install

// Create a new user in the database
// 1.x Create a form within a view
// 2.x Create route that'll process the form's post request
// 3.x Create a database connection using .env file
// 4.x Grab form input and insert into database
// 5.x Add express-validation package
// 6.x Validate user input on backend
// 7.x Validate user input on frontend
// 8.x Hash our user's password
// 9.x Store user in database

// Login user (update user session, return auth cookie)
// 1. Install passport
// 2. Configure passport with local strategy

// Protect routes and only permit entry with authorization cookie

// Create logout button

// Create login page


Video Timeline:
-----------------------------
00:50 - Why storing passwords in plain text is bad
01:36 - What is hashing?
02:35 - How to hash our users' passwords
03:05 - What is bcrypt?
06:01 - What is a salt?
07:08 - Testing out our hashing implementation

To be continued...


The Platform:
-------------------------
http://chriscourses.com is a platform in progress whose goal is to educate aspiring and seasoned web developers via story driven learning.

Each course tells a different story, and each milestone reveals a different scene. With an expansive universe to explore, you can track your progress, and gain the necessary skills needed to build your dreams.

For updates on the progress of chriscourses.com and future videos, join the Chris Courses mailing list at http://chriscourses.com.


Chris Courses Social:
-----------------------------------
Twitter: https://twitter.com/chriscourses
Facebook: https://www.facebook.com/chriscourses


Christopher Lis Social:
-------------------------------------
Twitter: https://twitter.com/christopher4lis
CodePen: http://codepen.io/christopher4lis