I wonder what's 'correct' way to create user accounts in MongoDB and actions like register/login. Do I have to create a specific collection for users (Username,Email,Password) or MongoDB has something built in already for users?
If I have to create users collection manually, how to deal with password encryption? Thanks.
You'll probably have to create and manage the collection of users manually.
As for encrypting passwords, the common approach is to hash the passwords using a suitable hash-function before you store them in the db. Later, when a user tries to login you use the same hash-function on the string they entered in the password field and compare that result to the password entry in your db. That way you never store the actual passwords and if someone hacks you they won't get your users passwords, just their hashes.
For extra security (against dictionary attacks) you should also salt the hashed passwords. Read about it here
Mongo is for data persistance, what you are talking about is much higher level. A better question would be "How to do user authentication for <language or platform you are using>
with mongo"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With