Verify user identities using just their passwords

For my Express app, I'm tasked with creating an authentication system that uses a 4-digit PIN as the password. The code is set up to save and hash the PIN along with other user information when adding a new user. Since this is for an in-house server handling a small number of users, efficiency isn't a major concern.

The issue arises when attempting to sign the user back in. By using bcrypt to hash the password, each identical string generates a different hash, making it difficult to fetch the user using WHERE hash=hash in SQL searches.

One solution could be to retrieve all users and compare hashes using bcrypt's .compare method, but this isn't sustainable as the user base grows. Another option is to create a custom hashing function, requiring individual salts per user to ensure unique hashes.

Although the challenge lies in fetching the user based on a hashed password, any suggestions or insights would be greatly appreciated.

Answer №1

Instead of using a hashing function on a 4 digit PIN, it's recommended to store the PIN as plain text. Hashing a short PIN like this might give a false sense of security since it can still be easily brute forced due to the limited number of possible inputs.

I'm struggling with fetching the user by performing a SQL search with WHERE hash=hash

So you're relying solely on a 4 digit PIN for identification without actually knowing who the person claims to be? This approach seems to prioritize convenience over security, resulting in a system with minimal protection measures.
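An added example, not code from either post: the user is identified by a username first, and the PIN is then verified against that one row's salted hash, with a failed-attempt limit because a 4-digit PIN has only 10,000 possible values. It assumes Node's built-in scrypt in place of bcrypt and an in-memory Map in place of the SQL table; `users`, `addUser`, `signIn`, `sameHash` and `MAX_FAILURES` are hypothetical names.

```javascript
// Added example: constructed in-memory "users" table; scrypt stands in for bcrypt.
const crypto = require('crypto');

const MAX_FAILURES = 5;   // assumed lockout threshold, tune for your environment
const users = new Map();  // username -> { salt, hash, failures }

// Salted, deliberately slow hash of the PIN (32-byte output).
function hashPin(pin, salt) {
  return crypto.scryptSync(pin, salt, 32);
}

function addUser(username, pin) {
  if (!/^\d{4}$/.test(pin)) throw new Error('PIN must be exactly 4 digits');
  const salt = crypto.randomBytes(16);  // unique per user
  users.set(username, { salt, hash: hashPin(pin, salt), failures: 0 });
}

function signIn(username, pin) {
  // SQL equivalent: SELECT salt, hash, failures FROM users WHERE username = ?
  const user = users.get(username);
  if (!user) return 'denied';           // same answer as a wrong PIN
  if (user.failures >= MAX_FAILURES) return 'locked';

  // Re-hash the submitted PIN with this user's salt, compare in constant time.
  const candidate = hashPin(String(pin), user.salt);
  if (crypto.timingSafeEqual(candidate, user.hash)) {
    user.failures = 0;
    return 'ok';
  }
  user.failures += 1;
  return 'denied';
}

// Two users with the same PIN get different stored hashes, which is why
// a lookup of the form WHERE hash = ? cannot locate a user.
function sameHash(a, b) {
  return users.get(a).hash.equals(users.get(b).hash);
}

// Constructed sample accounts.
addUser('alice', '4821');
addUser('bob', '4821');
```

With the username as the lookup key, only one hash comparison runs per sign-in regardless of how many users exist.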
