I feel like there’s a lot of information for developers on protecting user information when there are multiple users who each need to have their passwords stored. But what if there is only 1 user? A sign up page wouldn’t be needed as you could set the username and password yourself.
I’m basically making a nicer view for database stuff that is easier to get information from for someone who doesn’t know SQL. But where do I store the username and password? I am using Node and I know you can use bcrypt but surely that’s only useful if you’re storing different user’s passwords into the db and hashing them when you save it into the db.
So how do I store the information securely? Does it not matter? Shall I just store it in the database and pull it when comparing to the password? Can I save it in the app.js file? Would be really helpful to know.
Given that you only have 2 reception staff accessing this website, I think the simplest solution for you would be to use Basic Authentication. It does not require you to create a database, or handle user accounts in a database. You can read more about it: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
If your site runs on Apache, its super easy to setup using a
.htaccess and a
.htpasswd. As usual, make sure your site is https, otherwise the credentials will be sent in cleartext.
If the sensitivity of the data changes, or if the power associated with this account changes you should revise this authentication method accordingly.