Hi Team,
While storing a password to the DB (when using react-moralis, should I add salt and hash the password before calling the signup API ?
Or is it handled within the API?
Thanks
Ishan
Hi Team,
While storing a password to the DB (when using react-moralis, should I add salt and hash the password before calling the signup API ?
Or is it handled within the API?
Thanks
Ishan
I think that you don’t have to do anything
That’s my guess too. Otherwise I would need to add a separate cloud function to retrieve the salt while authenticating.
Would be nice to know how the DB stores the passwords
There should be the default implementation from parse server
So, then there should be no need to implement salt and hash while storing passwords?
Can you confirm if the password is stored salted and hashed on moralis mongo DB and if the salt is system wide or user specific?
I didn’t look at the implementation, you have direct access to mongo db database if you want to check.
Thanks for your help.
It said the password is hidden when I checked before.
Let me see if I can tinker with some settings to view it
I mean to connect directly to mongo db, not from the dashboard
Oh ok. Havent tried that. Will try it now
You don’t need to do anything
Thanks Ivan. How do I check your password security model?
You can check source code of parse-server on which moralis email/password auth is based on