
What are the risks of Storing Credit Card / Bank Account Information in LocalStorage?

I recently noticed a bill pay website I was using seemed to be storing my bank account and credit card number in my browser's LocalStorage. The data is stored in a JSON object that gets stringified into LocalStorage. There is no special encoding, obfuscation, or encryption of the data.

While this was very off-putting initially and definitely seems like a substandard engineering practice, I'm having trouble thinking of ways this implementation could be meaningfully hacked:

  • Since the site was HTTPS, a man-in-the-middle attack could not inject malicious JavaScript to read out of LocalStorage.
  • LocalStorage is not shared on the same domain between HTTP and HTTPS, so that would rule out script injection over non-SSL connections.
  • If the web app failed to sanitize user-submitted content, perhaps a malicious script could be injected to steal data from LocalStorage, but it could also steal this data from JavaScript's memory directly. Thus, the risk level is no different using LocalStorage.
  • A malicious browser plugin could perhaps read the data out of LocalStorage, but that's really no different from the risk that a malicious plugin could scrape the data off the web page or read it from JavaScript memory.
  • If the user logged into this site on a public computer, it's plausible someone could steal their payment data out of LocalStorage. But that wouldn't be too different from someone stealing their data off the screen had they left themselves logged into the application. I'm assuming that LocalStorage gets cleared upon log out (which might be an overly generous assumption here).

What other security vulnerabilities are opened up by this practice?

If the web app failed to sanitize user-submitted content, perhaps a malicious script could be injected to steal data from LocalStorage, but it could also steal this data from JavaScript's memory directly. Thus, the risk level is no different using LocalStorage.

I disagree. It makes a big difference whether a script has to be injected into a very specific web page to be able to get access to user-entered sensitive data, or whether the JavaScript can be injected on any page on that host and simply access the LocalStorage and send the data somewhere. In the latter case, one page that is accessed by the user at any point is sufficient for the attack.

Furthermore, you have to take into account that the LocalStorage is usually stored in plain text by the web browser.

IMHO the only way to store sensitive data in the LocalStorage is to let the server encrypt it using an authenticated cipher with a user-specific key that is only known by the server. If afterwards the data should be used again, the client could send it to the server and the server can then decrypt it and use it. Of course the sensitive part should never ever be sent back to the client (e.g. as a pre-filled form on a web page).
