viscid grotto
Hello everyone.
I was wondering if it's secure to store hashes of passwords with the usernames on a database, perhaps with bcrypt.
My goal is to have a login, where the user enters name and password.
His password is then converted via bcrypt and then compared with the information stored on the database, with typescript.
Is this safe, or could someone from the client side through this find out other people's passwords?
modest tide
Firebase has Authentication, why not use that? Friends don't let friends code their own authentication and authorization mechanisms in 2022 because it is both a hard, and already solved better than you can on your own problem
viscid grotto
Firebase has Authentication, why not use that? Friends don't let friends code th...
I'm using firebase via URL.
If that can work like that I'm fine using it.
Sadly I don't find many tutorials on this topic.
Can you link me some articles where they explain how to do this?
Or am I forced to use the Google Cloud Console?
modest tide
Why would you make your life hard? @angular/fire exists
viscid grotto
Why would you make your life hard? `@angular/fire` exists
I wasted an entire day on trying to get angular fire running, with help of another helper here and In the end it didn't work, because the imports are depricated and there's no up to date tutorial on how to do it the "not hard" way.
viscid grotto
Firebase has Authentication, why not use that? Friends don't let friends code th...
I understand. But If I would do it the way I described, would that be unsecure? Like can the client side access typescript?
modest tide
I wasted an entire day on trying to get angular fire running, with help of anoth...
Do it the compat way and things are not hard
https://github.com/angular/angularfire/tree/master/docs
viscid grotto
I was told by him not to use compat, because it will be deactivated soon
modest tide
I understand. But If I would do it the way I described, would that be unsecure? ...
Yes it would be insecure because you are not a cryptographic and security and authentication and authorization developer and it is 2022 and you must be/have all those things to get by
modest tide
I was told by him not to use compat, because it will be deactivated soon
I'm telling you that it won't and even when it is there will be plenty of guides for how to convert it. Until they finish the documentation for the new API, it isn't ready for general use.
viscid grotto
Is it generally unsafe to use firebase via the URL? Because I'm under time-pressure and don't have lots of time to rewrite my entire program.
modest tide
no, it is just 1000 times harder when you already have a robust package to do it for you
viscid grotto
no, it is just 1000 times harder when you already have a robust package to do it...
Lol I noticed, yes.
thanks
modest tide
Not sure what help you got about using AngularFire, but I didn't help, so I suggest you try again
viscid grotto
Is the Firebase authentication the only way to protect a certain area of a site? (In my case literally that part where you can post articles as admin)
modest tide
Firebase authentication doesn't really do that.
You can add rules to Firestore to require authentication and other properties to access certain collections.
viscid grotto
Could I use Firebase for my posts, which I already do
And use firestore seperately for user data?