1
00:00:02,210 --> 00:00:05,680
We've got a big problem, a big security flaw

2
00:00:05,680 --> 00:00:08,850
in our current signup process.

3
00:00:08,850 --> 00:00:10,940
We've got a couple of problems, actually.

4
00:00:10,940 --> 00:00:12,380
One problem, for example,

5
00:00:12,380 --> 00:00:15,540
also is that we don't validate the user input.

6
00:00:15,540 --> 00:00:19,340
I'll come back to that later, and what I mean by that.

7
00:00:19,340 --> 00:00:21,850
But the even bigger problem right now is

8
00:00:21,850 --> 00:00:23,880
that we're storing the password

9
00:00:23,880 --> 00:00:26,503
as plain text in that database.

10
00:00:27,890 --> 00:00:29,720
So here in the database,

11
00:00:29,720 --> 00:00:33,200
I have the password just as I entered it as a user

12
00:00:33,200 --> 00:00:36,080
on the website a couple of seconds ago.

13
00:00:36,080 --> 00:00:37,833
And why is that a problem?

14
00:00:38,780 --> 00:00:41,460
It is a problem because if this database

15
00:00:41,460 --> 00:00:43,650
should ever get compromised,

16
00:00:43,650 --> 00:00:47,910
if we got an employee who decides to do bad things

17
00:00:47,910 --> 00:00:51,440
and wants to extract some user passwords,

18
00:00:51,440 --> 00:00:52,920
or if we're getting hacked,

19
00:00:52,920 --> 00:00:56,880
which can happen, even if we're trying all to prevent it.

20
00:00:56,880 --> 00:00:58,370
But if we're getting hacked

21
00:00:58,370 --> 00:01:00,760
and someone gets access to this database,

22
00:01:00,760 --> 00:01:04,590
he or she will be able to get all the user data

23
00:01:04,590 --> 00:01:07,210
with all the raw passwords.

24
00:01:07,210 --> 00:01:09,940
And we have all read about data breaches like this

25
00:01:09,940 --> 00:01:11,240
in the news.

26
00:01:11,240 --> 00:01:15,530
Where some company did store passwords as plain text,

27
00:01:15,530 --> 00:01:17,570
as we are doing it here right now.

28
00:01:17,570 --> 00:01:20,590
And when that database then got compromised,

29
00:01:20,590 --> 00:01:23,073
and the data got lost or stolen,

30
00:01:23,073 --> 00:01:26,410
then all that data could just be used like this

31
00:01:26,410 --> 00:01:27,880
by criminals.

32
00:01:27,880 --> 00:01:29,800
And since users, for example,

33
00:01:29,800 --> 00:01:33,160
tend to use the same password on multiple pages,

34
00:01:33,160 --> 00:01:36,840
no matter if that is recommended or not, it's the reality.

35
00:01:36,840 --> 00:01:40,590
Since users use the same password on multiple pages,

36
00:01:40,590 --> 00:01:43,830
if I can extract your password from this page,

37
00:01:43,830 --> 00:01:46,650
I can also try this email password combination

38
00:01:46,650 --> 00:01:49,790
on other pages, like your online banking account,

39
00:01:49,790 --> 00:01:51,910
or your Amazon account.

40
00:01:51,910 --> 00:01:53,653
And that's all not good.

41
00:01:54,890 --> 00:01:57,600
So therefore, what you should do

42
00:01:57,600 --> 00:02:00,930
if you're storing user credentials in a database

43
00:02:00,930 --> 00:02:04,710
is you should always hash the password.

44
00:02:04,710 --> 00:02:09,410
Hashing the password simply means that you change it.

45
00:02:09,410 --> 00:02:10,750
You don't change it randomly,

46
00:02:10,750 --> 00:02:13,450
but you use some algorithm for changing it,

47
00:02:13,450 --> 00:02:16,833
and you change it such that it can't be converted back.

48
00:02:17,730 --> 00:02:19,920
This might sound strange because in the future,

49
00:02:19,920 --> 00:02:23,090
you also need to be able to verify the password.

50
00:02:23,090 --> 00:02:25,950
But when you use a hashing algorithm,

51
00:02:25,950 --> 00:02:30,200
that algorithm will be able to compare an unhashed password

52
00:02:30,200 --> 00:02:31,650
to a hashed password,

53
00:02:31,650 --> 00:02:33,800
and find out if the unhashed password

54
00:02:33,800 --> 00:02:35,640
would lead to the same hash

55
00:02:35,640 --> 00:02:38,430
without reverting the hash.

56
00:02:38,430 --> 00:02:40,420
Might sound all very cryptic.

57
00:02:40,420 --> 00:02:42,450
But in the end, it is a way of ensuring

58
00:02:42,450 --> 00:02:44,280
that you can store a password

59
00:02:44,280 --> 00:02:46,850
in an obscured way in a database,

60
00:02:46,850 --> 00:02:50,500
and in a way that can't be decoded,

61
00:02:50,500 --> 00:02:54,780
and still be able to verify the password in the future.

62
00:02:54,780 --> 00:02:57,140
And therefore, that is something we should do here.

63
00:02:57,140 --> 00:02:59,040
We should hash the password

64
00:02:59,040 --> 00:03:01,620
before we store it in the database.

65
00:03:01,620 --> 00:03:06,620
Hence for the moment here, I will just delete my user here,

66
00:03:06,970 --> 00:03:11,970
and delete the user with the email test@test.com

67
00:03:14,790 --> 00:03:18,220
because I don't want a user with that password here.

68
00:03:18,220 --> 00:03:21,140
And we'll implement this password hashing

69
00:03:21,140 --> 00:03:22,513
in our website now.

70
00:03:23,410 --> 00:03:25,790
Now, hashing passwords is a complex task

71
00:03:25,790 --> 00:03:29,110
because you need an algorithm that converts passwords

72
00:03:29,110 --> 00:03:31,433
such that they can't be decoded.

73
00:03:32,280 --> 00:03:34,640
A very popular third party package

74
00:03:34,640 --> 00:03:35,958
that does this for us

75
00:03:35,958 --> 00:03:38,880
is the bcrypt.js package.

76
00:03:38,880 --> 00:03:40,360
You can just search for it

77
00:03:40,360 --> 00:03:43,260
to find its official documentation here.

78
00:03:43,260 --> 00:03:46,300
Here you'll learn how you can use it and how it works.

79
00:03:46,300 --> 00:03:49,970
And this package will ensure that we can convert strings,

80
00:03:49,970 --> 00:03:54,810
like passwords, into undecodable, hashed strings

81
00:03:54,810 --> 00:03:56,610
which look random to humans,

82
00:03:56,610 --> 00:03:58,520
but which follow a certain pattern,

83
00:03:58,520 --> 00:04:02,453
but which can't be decoded back to the original password.

84
00:04:03,540 --> 00:04:06,580
So let's stop our server here,

85
00:04:06,580 --> 00:04:09,120
and simply install bcrypt.js

86
00:04:09,120 --> 00:04:11,727
by running npm install bcryptjs.

87
00:04:13,750 --> 00:04:15,610
And then once this package is installed,

88
00:04:15,610 --> 00:04:18,230
we can start our server again.

89
00:04:18,230 --> 00:04:21,050
And in demo.js at the very top,

90
00:04:21,050 --> 00:04:23,130
where we have all our imports,

91
00:04:23,130 --> 00:04:26,910
we now want to import bcrypt by requiring

92
00:04:26,910 --> 00:04:28,883
bcryptjs like this.

93
00:04:30,170 --> 00:04:32,800
And now we can use this third party library

94
00:04:32,800 --> 00:04:35,460
to hash our passwords.

95
00:04:35,460 --> 00:04:36,720
So now here

96
00:04:37,660 --> 00:04:40,720
in our signup post route,

97
00:04:40,720 --> 00:04:43,510
instead of storing the password like this,

98
00:04:43,510 --> 00:04:44,480
we will, first of all,

99
00:04:44,480 --> 00:04:48,643
create a hashed password here by using bcrypt.

100
00:04:49,800 --> 00:04:52,500
And there we can call the hash method,

101
00:04:52,500 --> 00:04:54,410
which does what the name implies.

102
00:04:54,410 --> 00:04:56,740
It takes a string like our password,

103
00:04:56,740 --> 00:04:58,310
and then creates a hash.

104
00:04:58,310 --> 00:05:02,393
So such an obscured string based on it.

105
00:05:03,780 --> 00:05:05,770
For this, we pass our entered password

106
00:05:05,770 --> 00:05:08,540
as a first parameter value.

107
00:05:08,540 --> 00:05:10,770
And then the second value is a number that

108
00:05:10,770 --> 00:05:14,170
in the end determines how strong the hashing is.

109
00:05:14,170 --> 00:05:17,060
If it's not strong enough, it could be decoded,

110
00:05:17,060 --> 00:05:18,920
but a value of 12 here

111
00:05:18,920 --> 00:05:22,400
should actually produce a fairly secure password,

112
00:05:22,400 --> 00:05:24,310
which can't be decoded.

113
00:05:24,310 --> 00:05:27,483
So where you can't infer the original password.

114
00:05:28,810 --> 00:05:31,710
Now, hash actually returns a promise.

115
00:05:31,710 --> 00:05:34,513
So here we also have to await this.

116
00:05:36,870 --> 00:05:39,350
So then at some point, we got this hashed password,

117
00:05:39,350 --> 00:05:41,460
and now it's this hashed password,

118
00:05:41,460 --> 00:05:43,500
which we should store in the database

119
00:05:43,500 --> 00:05:45,883
instead of the unhashed password.

120
00:05:47,780 --> 00:05:50,900
So now here we can save this,

121
00:05:50,900 --> 00:05:55,483
and with that, if we now go back and create a user again.

122
00:06:01,300 --> 00:06:02,233
Like this.

123
00:06:03,130 --> 00:06:04,800
We still are redirected.

124
00:06:04,800 --> 00:06:06,810
We still get no error here.

125
00:06:06,810 --> 00:06:10,450
But if I now have a look at all my users again here

126
00:06:10,450 --> 00:06:13,850
in my database, we now see that for this user,

127
00:06:13,850 --> 00:06:16,330
now we don't store the original password,

128
00:06:16,330 --> 00:06:17,500
which was entered,

129
00:06:17,500 --> 00:06:19,080
but this string here,

130
00:06:19,080 --> 00:06:23,300
which clearly gives us no clues about the original passwords

131
00:06:23,300 --> 00:06:25,120
and which, as I mentioned before,

132
00:06:25,120 --> 00:06:29,000
can't be decoded back to the original password.

133
00:06:29,000 --> 00:06:32,100
Still, we'll be able to verify the entered password

134
00:06:32,100 --> 00:06:32,933
in the future.

135
00:06:32,933 --> 00:06:34,430
That's the great thing about it.

136
00:06:35,270 --> 00:06:36,170
But now with that,

137
00:06:36,170 --> 00:06:39,360
if this database ever gets compromised or hacked,

138
00:06:39,360 --> 00:06:42,290
you won't be able to just use that password

139
00:06:42,290 --> 00:06:44,040
to log into other websites,

140
00:06:44,040 --> 00:06:47,110
because this isn't the original password.

141
00:06:47,110 --> 00:06:49,690
It's a hash, which you can't convert back

142
00:06:49,690 --> 00:06:51,410
to the original password.

143
00:06:51,410 --> 00:06:54,520
And therefore, this is a huge security step up,

144
00:06:54,520 --> 00:06:57,343
which you absolutely should have in your websites.

