I want to ask whether it is better to make a query in MongoDB like this:
db.users.findOne({'username': 'example', 'password': '5f189664bb2e58d4e2ee879835b13a7e3a790e14'})
Or make the check of the password hash in an if condition like this:
user = db.users.find_one({'username': 'example'})
# find_one returns None when no document matches the username
if user is not None and user['password'] == passwordHash:
    print("Hello user")
Thanks! Jarus
It depends on what you want to do if the user is found but the password is wrong.
Note: If you want to keep your system secure you should probably prefer the first method over the second. The second method follows different code paths depending on whether the username exists and the password is wrong, or if the username doesn’t exist. This can result in leaking information about what usernames exist on your system, which can be useful for attackers.
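An added example (not part of the original posts) of a login check that runs the same steps whether or not the username exists, so both failures look alike to the caller. The in-memory `USERS` dict, the `find_one` stand-in for the MongoDB lookup, the salted PBKDF2 hashing and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (swapped in here for the plain hash in the question)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(username: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "password": hash_password(password, salt)}


# Constructed sample data: a dict standing in for the db.users collection.
USERS = {u["username"]: u for u in [make_user("example", "correct horse")]}

# Dummy record used when the username is unknown, so hashing and comparison still run.
DUMMY_USER = make_user("", os.urandom(16).hex())


def find_one(username: str):
    """Hypothetical stand-in for db.users.find_one({'username': username})."""
    return USERS.get(username)


def check_login(username: str, password: str) -> bool:
    user = find_one(username)
    record = user if user is not None else DUMMY_USER
    # Same work on every call: one hash, one constant-time comparison.
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["password"])
    # Single combined result: "no such user" and "wrong password" are indistinguishable.
    return matches and user is not None


def login_message(username: str, password: str) -> str:
    if check_login(username, password):
        return "Hello user"
    return "Invalid username or password"
```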