Password is being stored in clear text if length is 6 #829

tmfelwu · 2015-08-20T16:13:16Z

Password is being stored in clear text if length is 6, just an equal sign is required here, or make sure min length for password is 7

/**
 * Hook a pre save method to hash the password
 */
UserSchema.pre('save', function (next) {
  if (this.password && this.isModified('password') && this.password.length >6) {
    this.salt = crypto.randomBytes(16).toString('base64');
    this.password = this.hashPassword(this.password);
  }

  next();
});

The text was updated successfully, but these errors were encountered:

codydaig · 2015-08-20T16:16:44Z

@sparshy I will look into this and verify on my end.

[fix] Was storing a 6 char password in plain text [fixes #829]

lirantal added the issue:bug label Aug 20, 2015

lirantal modified the milestones: 0.4.0, 0.4.x Aug 20, 2015

codydaig added a commit to codydaig/mean that referenced this issue Aug 20, 2015

[fix] Was storing a 6 char password in plain text [fixes meanjs#829]

5c287f5

codydaig mentioned this issue Aug 20, 2015

[fix] Was storing a 6 char password in plain text [fixes #829] #830

Merged

lirantal closed this as completed in #830 Aug 21, 2015

lirantal added a commit that referenced this issue Aug 21, 2015

Merge pull request #830 from codydaig/bug/password

7b880e9

[fix] Was storing a 6 char password in plain text [fixes #829]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Password is being stored in clear text if length is 6 #829

Password is being stored in clear text if length is 6 #829

tmfelwu commented Aug 20, 2015

codydaig commented Aug 20, 2015

Password is being stored in clear text if length is 6 #829

Password is being stored in clear text if length is 6 #829

Comments

tmfelwu commented Aug 20, 2015

codydaig commented Aug 20, 2015