Security through Nodejs Flashcards
Level 1 Security
Username and Password
Level 2
Encrypt the password in the database.
Use the package 'mongoose-encryption'
npm i mongoose-encryption
const encrypt = require('mongoose-encryption');
// Initialize the schema here
// The plugin also needs a secret (or an encryptionKey/signingKey pair) to derive its keys from
// schema.plugin(encrypt, { secret: process.env.SECRET, encryptedFields: ['field-name that needs to be encrypted in a document'] });
Level 3
Hashing the password with a package like md5
npm i md5
const md5 = require('md5');
const password = md5('some string here');
Level 4
Salting and Hashing
The aim of salting and hashing is to make brute-forcing more tedious.
npm install bcrypt // to install the npm module
const bcrypt = require('bcrypt'); // require it in the js file
const saltRounds = 10;
const myPlaintextPassword = 'some string here';
bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
  // Store hash in your password DB.
});
Level 5 (local authentication) and Level 6 (Open Authorization from external sites)
Cookies and sessions - quality-of-life (QoL) improvements
Done using express-session, passport.js, passport-local-mongoose and passport-local.
Check the respective documentation for usage; in short:
express-session - helps construct a session and save it as a cookie
passport.js - provides general strategies for authentication such as Google, Facebook, GitHub, GitLab, etc. (Level 6)
passport-local-mongoose - helps save the data generated by passport-local to the Mongoose database.
passport-local - provides the local strategy for authentication (Level 5).