
is it safe to store users data in the session/history reactjs

I took over this React application from a previous developer, and I'm not super familiar with the way React works, but I have never, in my life, stored a user's data in the session history. I notice he is doing just that, which freaks me out a bit:

// Router history object injected into the component via props
const { history } = this.props

// 1. Create the auth account with email/password
AuthorizationHome.doCreateUserWithEmailAndPassword(email, passwordOne)
  // 2. Create the matching user record, keyed by the new account's uid
  .then((authUser) => facades.userFacade().doCreateUser(authUser.user.uid, email, name, companyName))
  // 3. Navigate to the home route; only the route path is pushed onto the history
  .then(() => {
    history.push(routes.HOME)
  })
  // Surface failures instead of leaving an unhandled promise rejection
  .catch((err) => console.error('Sign-up failed', err))

Is it actually safe to be doing this, or should I be storing the data in a DB and querying it each time it's needed? I've always either stored the user's data in the DB and queried it through my server-side code, or passed the data to my backend and manipulated it safely there. Please let me know!

It depends on the type of project you're working on. If it's banking, or it deals with any sensitive data, or it's a public-facing application, please avoid saving passwords in the on-page login. It's better to use session-based authentication, depending on the project requirements.

Yes, this data stays persistent as long as the page is not navigated away from or routed to the same page with other data.

No, it isn't safe: if someone gets access to the client's computer, they could retrieve the credentials and possibly have lifetime access to their account. Even with encryption, it isn't good to store the username and password locally.

What you could do is implement JWT with short-lived tokens, then encrypt them and store them locally (or use cookie-based JWTs, but beware of CSRF exploits). That way, if a client's tokens were stolen, the tokens would expire after a while, or if you detect they have been compromised, you can revoke the tokens without having the client change their password.

You could also ask the user for a PIN to use to encrypt and store their credentials locally, then when they open a new page/session, ask them for it to decrypt the stored data. I would advise against this, since the client can use simple PINs such as 1-2-3-4; instead of having them use longer PINs/codes, just have them directly re-enter their passwords.
