如何保护 HTML5 中的 localStorage?
[英]How to secure localStorage in HTML5?
问题描述
how do we secure the content of HTML5 localStorage from user tampering?
我们如何保护 HTML5 localStorage 的内容免受用户篡改? In case of cookies, we store information in the encrypted format and the secret used for encrypting will be stored in the server which is unknown to clients.在 cookie 的情况下,我们以加密格式存储信息,用于加密的秘密将存储在客户端不知道的服务器中。
But, in localStorage the information is residing in the client side and we send the key to the client.但是,在 localStorage 中,信息驻留在客户端,我们将密钥发送给客户端。 So, is there any standard way to secure the information in the localStorage from user tampering?那么,是否有任何标准方法可以保护 localStorage 中的信息免受用户篡改?
3 个解决方案
解决方案1
6 已采纳 2012-04-25 08:01:32
@Mikko Ohtamaa is right. @Mikko Ohtamaa是对的。 it is not so secure to use. 它使用起来不太安全。 but maybe you can use sessionStorage which keep information to session end. 但也许你可以使用sessionStorage将信息保存到会话结束。 and from this site : 并从这个网站 :
Final Thoughts on Local Storage and Security
Don't use local storage for session identifiers.
If cookies won't work for some reason, then use session storage which will be cleared when the user closes the browser window.
Be cautious with storing sensitive data in local storage.
the last thing is that dont store sensitive data in your localStorage... 最后一件事是不要在localStorage中存储敏感数据......
解决方案2
3 2012-04-25 07:48:48
You don't secure localStorage. 您无法保护localStorage。
Anything coming from a client software must be untrusted. 来自客户端软件的任何内容都必须是不可信的。
解决方案3
0 2021-10-22 00:12:08
编辑 9 年后,如果有人想知道,请查看SecurityJS.128 ,它是一个客户端 javascript 库,其中一个 API 是secureStorage 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.