Do I need to add salt and hash the password while invoking signup()

Hi Team,

While storing a password to the DB (when using react-moralis, should I add salt and hash the password before calling the signup API ?

Or is it handled within the API?


1 Like

I think that you donโ€™t have to do anything

Thatโ€™s my guess too. Otherwise I would need to add a separate cloud function to retrieve the salt while authenticating.

Would be nice to know how the DB stores the passwords

There should be the default implementation from parse server

So, then there should be no need to implement salt and hash while storing passwords?

Can you confirm if the password is stored salted and hashed on moralis mongo DB and if the salt is system wide or user specific?

I didnโ€™t look at the implementation, you have direct access to mongo db database if you want to check.

Thanks for your help.

It said the password is hidden when I checked before.

Let me see if I can tinker with some settings to view it

I mean to connect directly to mongo db, not from the dashboard

Oh ok. Havent tried that. Will try it now

You donโ€™t need to do anything

1 Like

Thanks Ivan. How do I check your password security model?

You can check source code of parse-server on which moralis email/password auth is based on