如何防止sessionStorage在JavaScript控制台中显示?
[英]How to prevent sessionStorage from showing in JavaScript console?
问题描述
I would like to store some sensitive information in sessionStorage to use it across multiple pages. 
我想在sessionStorage中存储一些敏感信息,以便在多个页面中使用它。
However anyone with a minimal Javascript knowledge can open browser's JavaScript console, type sessionStorage with dot at the end and see all its fields and subsequently all fields' content. 但是,任何具有最小Javascript知识的人都可以打开浏览器的JavaScript控制台,在末尾键入带有点的sessionStorage并查看其所有字段以及随后所有字段的内容。
So actually sessionStorage is absolutely not safe, meaning I cannot store there any sensitive information like user ID, password, etc. Or am I missing something? 所以sessionStorage实际上绝对不安全,这意味着我不能存储任何敏感信息,如用户ID,密码等。或者我错过了什么?
1 个解决方案
解决方案1
2 已采纳 2012-12-04 09:21:30
Safe in what context? 在什么情况下安全? It's storage for client data, so as long as the data doesn't leak between websites you're good to go. 它是客户端数据的存储空间,因此只要数据不会在网站之间泄露,您就可以开始使用。 Of course sessionStorage wasn't designed to keep any data you want to hide from your user ( especially sensitive information!) so don't be surprised that any data you put there is easily available to him. 当然,sessionStorage 并不是为了保存您想要隐藏的任何数据( 特别是敏感信息!)所以不要惊讶于您放在那里的任何数据都很容易为他所用。
Use other means to store such sensitive information (preferably server side storage where it's presumably more safe). 使用其他方法存储此类敏感信息(最好是服务器端存储,它可能更安全)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.