Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The Go Workshop

You're reading from   The Go Workshop Learn to write clean, efficient code and build high-performance applications with Go

Arrow left icon
Product type Paperback
Published in Dec 2019
Publisher Packt
ISBN-13 9781838647940
Length 824 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Authors (6):
Arrow left icon
Sam Hennessy Sam Hennessy
Author Profile Icon Sam Hennessy
Sam Hennessy
Andrew Hayes Andrew Hayes
Author Profile Icon Andrew Hayes
Andrew Hayes
Gobin Sougrakpam Gobin Sougrakpam
Author Profile Icon Gobin Sougrakpam
Gobin Sougrakpam
Jeremy Leasor Jeremy Leasor
Author Profile Icon Jeremy Leasor
Jeremy Leasor
Delio D'Anna Delio D'Anna
Author Profile Icon Delio D'Anna
Delio D'Anna
Dániel Szabó Dániel Szabó
Author Profile Icon Dániel Szabó
Dániel Szabó
+2 more Show less
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Variables and Operators FREE CHAPTER 2. Logic and Loops 3. Core Types 4. Complex Types 5. Functions 6. Errors 7. Interfaces 8. Packages 9. Basic Debugging 10. About Time 11. Encoding and Decoding (JSON) 12. Files and Systems 13. SQL and Databases 14. Using the Go HTTP Client 15. HTTP Servers 16. Concurrent Work 17. Using Go Tools 18. Security 19. Special Features Appendix

Password Management

If you are managing user accounts on your website, one common way of verifying user identity is through a combination of usernames and passwords. This authentication mechanism has the risk that, if not properly managed, user credentials can be leaked. This has happened to many of the major websites around the world and remains a surprisingly common security incident.

The main rule of thumb regarding password management is to never store passwords in plaintext (either in memory or in a database). Instead, implement an approved hash algorithm to create a one-way hash of the password so that you can confirm the identity through the hash. However, it is not possible to retrieve the password from the hash. We can see this in action with an example.

The following code shows how to create a one-way hash from a plaintext string. We are using the bcrypt package to generate the hash. We then perform a comparison of the password with the hash to verify the match:

...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image