Ever imagined what would happen if someone got access to your MongoDB account, where all your crucial information is stored?
This becomes an even bigger issue when more than a few users have submitted their confidential data, relying on you.
Need for Encryption
Storing users' data without any encryption at all might not be a good idea.
A good way to avoid compromising someone's privacy is to encrypt data before storing it in the database and decrypt it when reading it back from the database.
-> How to Encrypt Variables
While hashing user-submitted values before storing them can be a good idea, hashing is one-way, so it will not work when you need to get the original data back from the database.
Then again, npm packages like 'bcrypt' and 'crypto' can be super useful and complicated at the same time.
Let's see a method that's easy to understand as well as implementable in a flash.
-> Using Keyhasher
Assuming you already have a Node.js project set up, let's first install the npm package using:
npm i keyhasher
Running this in the terminal will install the package.
Let's require the package in the Node project.
const key = require('keyhasher');
Try to keep this at the top of the project file.
--> How Keyhasher Works
Keyhasher has two functions for Encryption and Decryption respectively.
Both functions take two arguments: the input to hash (or to reverse-hash) and the passkey.
A simple example of both functions:
var hashAble = key.hash("Hi", 572);
console.log(`Hashed Phrase: ${hashAble}`)
// Hashed Phrase: X4A=
var rawWord = key.revHash("X4A=", 572);
console.log(`Output: ${rawWord}`)
// Output: Hi
In the hash function, "Hi" is the text being encrypted, while I've used 572 as the passkey, which can be passed to the function directly or read from an environment variable.
The function returns the phrase "X4A=", which can be stored in the database.
Changing the passcode changes the encrypted phrase. The same passcode is needed to decrypt the encrypted phrase.
--> Securing the Passcode
The passcode can be any integer number like 12383473, 3481234, 341343, 8534582, 98, 1236, 894.
A better practice would be to store the passcode in a configuration file.
Create a .env file and store your passkey in the following format.
PASSCODE = "23143341"
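After storing the passcode safely, it can be used in the project with the following syntax.
require('dotenv').config(); // load .env into process.env (needs the dotenv package: npm i dotenv)
const passcode = Number(process.env.PASSCODE); // environment values are strings; the passcode is an integer
var hashAble = key.hash("Hi", passcode);
console.log(`Hashed Phrase: ${hashAble}`)
// The hashed phrase depends on the passcode, so it differs from the 572 example above
var rawWord = key.revHash(hashAble, passcode);
console.log(`Output: ${rawWord}`)
// Output: Hi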
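The same encrypt-before-storing, decrypt-on-reading round trip, written with Node's built-in crypto module (AES-256-GCM) as an added example. It is not code from this article or from keyhasher, and the FIELD_KEY_SECRET variable name, the salt label and the demo secret are assumptions.

```javascript
// Added example: field-level encryption with Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// Assumption: the secret comes from an environment variable (hypothetical name);
// the fallback is a constructed demo value so the example runs offline.
const SECRET = process.env.FIELD_KEY_SECRET || 'constructed-demo-secret';

// Derive a 32-byte AES key from the secret. The salt is a fixed, non-secret
// application label; scrypt makes guessing a weak secret more expensive.
const KEY = nodeCrypto.scryptSync(SECRET, 'field-encryption-v1', 32);

// Encrypt one field value; returns "iv.tag.ciphertext" (base64) for storage.
function encryptField(plaintext, key = KEY) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  return [iv, tag, ct].map((b) => b.toString('base64')).join('.');
}

// Decrypt a stored value; throws if the key is wrong or the value was modified.
function decryptField(stored, key = KEY) {
  const parts = stored.split('.');
  if (parts.length !== 3) throw new Error('malformed stored value');
  const [iv, tag, ct] = parts.map((p) => Buffer.from(p, 'base64'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed stored value');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true when decryption succeeds, false when authentication fails.
function canDecrypt(stored, key = KEY) {
  try { decryptField(stored, key); return true; } catch { return false; }
}

const stored = encryptField('Hi');
console.log(`Stored value: ${stored}`);
console.log(`Output: ${decryptField(stored)}`);
```

Store the string returned by encryptField in the document field and call decryptField on it after reading the document back.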