reactjs中的解密密钥存储在哪里?
[英]Where to store the decryption key in reactjs?
问题描述
I am working on react app which fetches the API on the user responses.
我正在开发反应应用程序,该应用程序在用户响应中获取 API。 API response are encrypted and I get decryption key before making any API (via secure method). API 响应已加密,我在制作任何 API 之前获得解密密钥(通过安全方法)。
I need to store the decryption key so that I can decrypt the API response every single time.我需要存储解密密钥,以便每次都能解密 API 响应。 Currently I store the decryption key in component state.目前我将解密密钥存储在组件 state 中。 which can be seen very easily by anyone using react-dev tool任何使用 react-dev 工具的人都可以很容易地看到
I don't need to store the decryption locally, it changes very time user login.我不需要在本地存储解密,它会在用户登录时改变。
2 个解决方案
解决方案1
-1 2019-11-06 06:34:59
The key needs to be stored inside an httpOnly cookie, a special kind of cookie that's only sent in HTTP requests to the server, and it's never accessible (both for reading or writing) from JavaScript running in the browser.密钥需要存储在 httpOnly cookie 中,这是一种特殊类型的 cookie,仅在 HTTP 请求中发送到服务器,并且永远无法从浏览器中运行的 JavaScript 访问(读取或写入)。
By the way, this is the way JWT token verification works as well.顺便说一句,这也是 JWT 令牌验证的工作方式。 So you can use the same mechanism.所以你可以使用相同的机制。
PS: Ignore my previous comment, I was just trying to give you an alternative without giving my thought to it PS:忽略我之前的评论,我只是想给你一个替代方案而没有考虑到它
解决方案2
-1 2019-11-06 06:39:03
I think you can use Cookies for storing your decryption key, but now that's your choice that you need to persist the cookie or make it available for the session.我认为您可以使用 Cookies 来存储您的解密密钥,但现在您可以选择保留 cookie 或使其可用于 session。
You can encyrpt cookies making use of cookie-encryption您可以使用cookie-encryption 加密cookies
Hope this helps!!希望这可以帮助!!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.