What are the risks of Storing Credit Card / Bank Account Information in LocalStorage?
I recently noticed a bill pay website I was using seemed to be storing my bank account and credit card number in my browser's LocalStorage. The data is stored in a JSON object that gets stringified into LocalStorage. There is no special encoding, obfuscation, or encryption of the data.

While this was very off-putting initially and definitely seems like a substandard engineering practice, I'm having trouble thinking of ways this implementation could be meaningfully hacked:

What other security vulnerabilities are opened up by this practice?

If the web app failed to sanitize user-submitted content, perhaps a malicious script could be injected to steal data from LocalStorage, but it could also steal this data from JavaScript's memory directly. Thus, the risk level is no different using LocalStorage.
I disagree. It makes a big difference whether a script has to be injected into a very specific web page to get access to user-entered sensitive data, or whether JavaScript can be injected on any page on that host and simply access the LocalStorage and send the data somewhere. In the latter case, one page that is accessed by the user at any point is sufficient for the attack.

Furthermore, you have to take into account that LocalStorage is usually stored in plain text by the web browser.

IMHO the only way to store sensitive data in LocalStorage is to let the server encrypt it with an authenticated cipher using a user-specific key that is only known to the server. If the data should be used again afterwards, the client could send it to the server and the server can then decrypt it and use it. Of course the sensitive part should never ever be sent back to the client (e.g. as a pre-filled form on a web page).