clintonwoo / hackernews-react-graphql

Hacker News clone rewritten with universal JavaScript, using React and GraphQL.
MIT License

Password storage #7

Closed: confusingstraw closed 7 years ago

confusingstraw commented 7 years ago

I'm not a security expert, but wouldn't it be advisable to only store the hashed password of a user? My understanding is that the LocalStrategy does not do any hashing for you, so the Cache is holding a plaintext copy of each user's password in memory.

clintonwoo commented 7 years ago

Password is now hashed using the inbuilt Node.js crypto library and pbkdf2.
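
An added example, not code from the repository or from either commenter: one way to keep only a salted PBKDF2 record in an in-memory user cache, using Node.js's built-in crypto module. The record format, parameter values, `users` map and all function names are assumptions made for illustration.

```javascript
// Added example: salted PBKDF2 records via Node's built-in crypto module.
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require('node:crypto');

// Assumed parameters, not the project's: raise ITERATIONS as hardware allows.
const DIGEST = 'sha256';
const ITERATIONS = 600000;
const KEY_LEN = 32;

// Record format (constructed here): pbkdf2$<digest>$<iterations>$<salt>$<hash>
function hashPassword(password, iterations = ITERATIONS) {
  const salt = randomBytes(16); // fresh random salt per user
  const hash = pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return ['pbkdf2', DIGEST, iterations, salt.toString('base64'), hash.toString('base64')].join('$');
}

function parseRecord(record) {
  const parts = String(record).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2' || parts[1] !== DIGEST) return null;
  const iterations = Number(parts[2]);
  const salt = Buffer.from(parts[3], 'base64');
  const hash = Buffer.from(parts[4], 'base64');
  if (!Number.isInteger(iterations) || iterations < 1 || hash.length === 0) return null;
  return { iterations, salt, hash };
}

function verifyPassword(password, record) {
  const parsed = parseRecord(record);
  if (!parsed) return false; // malformed or plaintext entries never match
  const actual = pbkdf2Sync(password, parsed.salt, parsed.iterations, parsed.hash.length, DIGEST);
  return timingSafeEqual(actual, parsed.hash); // constant-time comparison
}

// True when a stored record uses a lower work factor than the current setting.
function needsRehash(record) {
  const parsed = parseRecord(record);
  return !parsed || parsed.iterations < ITERATIONS;
}

// Hypothetical in-memory user cache: it holds only the derived record.
const users = new Map();
function register(username, password, iterations) {
  users.set(username, { username, passwordHash: hashPassword(password, iterations) });
}

// Same (username, password, done) shape as a passport-local verify callback.
function verifyLogin(username, password, done) {
  const user = users.get(username);
  if (!user || !verifyPassword(password, user.passwordHash)) return done(null, false);
  return done(null, user);
}
```

In a request handler, the asynchronous `crypto.pbkdf2` is preferable to `pbkdf2Sync` so that key derivation does not block the event loop.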