Often, we need to transform values between what is written to the model and what we want to persist in our database. One of the most common uses for this kind of transformation is for password security. Saving a password in any format other than a salted hash to your database is a serious security vulnerability. The best way to handle this with Mongoose is to simply use the built in pre-save hook to perform this operation using an encryption library, such as bcrypt.
In cryptography, a salt is just random data that is used in conjunction with a one-way function known as a hash. A hash is a mathematical algorithm that maps a piece of data like a password, to a string of a fixed size. The main use of salts is to defend against a hashing vulnerability known as a rainbow table attack.
If you are interested in learning more about the nuances of password hashing and best security practices, I recommend checking out this article on the topic:
https://crackstation.net/hashing-security.htm
If you are interested in learning more about the nuances of password hashing and best security practices, I recommend checking out this article on the topic:
https://crackstation.net/hashing-security.htm