User Password in Database

Hi,
I am just wondering where is user’s password saved in the database. I see user’s email, but no matching password with it.

Thanks!
Werner

1 Like

Hi,
password is hidden for security concern I guess.
If you really want to access your user’s pwd, save them in another field when the password is typed by the user. Then you can use Privacy tab to add a security layer with something like “when This User’s Administrator = yes”.
But be careful :smile:

1 Like

Yes, we only store a hashed version of the password for security purposes. We strongly do not recommend storing the password as a plain field in the user.

7 Likes

Hello,

I was wondering if there was any way around this. I’m simulating a web application for a class assignment, so user data is not sensitive, and I must create the data in bulk.

Thank you

Store the password input’s value on signup.

@NicolasDap @emmanuel I’ll just use that in My Test Blog

Hi, I am just wondering what algorithm is used for storing passwords (eg. bcrypt, some salted function …) - just to be sure that passwords are stored in secure way. Could you find out please? Thank you.

They are salted in the db

Thank you.

How can we retrieve the hashed/salted passwords ?

You can’t retrieve the passwords unless you save them in the DB directly, which is not a good practice for security reasons.

Instead, you can use the action to log users in using the password the user inputs and Bubble will either confirm it’s correct and log them in, or it’ll send an error code saying it’s the wrong password.

1 Like

Sorry, I think I haven’t explain myself clearly. :slight_smile:

I don’t want to retrieve the passwords.
I want to retrieve the hashes of the passwords (not the passwords!), the name of the algorithm that was used to hash them and the salt that was used to hash them.

I completely agree that storing passwords in plain text is bad practice. As you follow best practices you, most likely used a different salt for each new bubble project. Where can I find the salt of my project and where can I find the hashed passwords of my users ?

I hope you can help. :slight_smile:

I don’t believe that we have access to that information for our users but I could be wrong. Does anyone else know?

1 Like

@sridharan.s is right, we don’t have access to the hashes nor the salt.

Which, on balance, I think is a good thing.

If you have a use case that needs this, then you can always do it yourself.

I have a node.js function on webtask.io that does just that.

Although with the speed of GPU based hashing these days, without a slow hash most things are quickly reversible should the hashes get out into the wild.

I am trying to sign up bulk users and generating random password for the user, given their email-id. But I need to send an email with the random password to the user, and I can’t access the password field.

Can this be achieved without storing the password in plain text?

2 Likes

So what should I do If i would like to migrate my users to a custom app with it’s own db?

The only option you have is asking every user to create a new password.