dwyl / abase

:house: A (solid) Base for your Web Application.

Some fields namely password need to be hashed #52

Open jrans opened 7 years ago

jrans commented 7 years ago

Use bcrypt to hash fields before saving confidential information which should not be stored in db like password.

Have functionality to hash any payload based on fields config but have put on shelf. #58

Now will only hash "password" field before saving as our sole means of verification.

nelsonic commented 7 years ago

Passwords need to be hashed when they are inserted into the Database. But they need to be in plaintext when you are comparing to an existing password that is stored in the DB so hashing it prematurely and discarding the plaintext is kinda useless ... 😕 see: https://github.com/ncb000gt/node.bcrypt.js/#to-check-a-password

https://www.youtube.com/watch?v=1in5wAVOyIk

jrans commented 7 years ago

@nelsonic yep realised, though maybe with asynchronous validation functions we could use the compare method of bcrypt with a db request; could be useful to validate the login request with joi? See progress of async extensions (could also be used for checking username unique etc) but yes original proposal flawed!

jrans commented 7 years ago

Note columns in db storing hashes need to be of length 60 characters