
How to secure localStorage in HTML5?

How do we secure the content of HTML5 localStorage from user tampering? In the case of cookies, we store information in an encrypted format, and the secret used for encrypting is stored on the server, which is unknown to clients.

But, in localStorage the information is residing in the client side and we send the key to the client. So, is there any standard way to secure the information in the localStorage from user tampering?

@Mikko Ohtamaa is right. It is not so secure to use. But maybe you can use sessionStorage, which keeps information until the session ends. And from this site:

Final Thoughts on Local Storage and Security

  1. Don't use local storage for session identifiers. Stick with cookies and use the HTTPOnly and Secure flags.

  2. If cookies won't work for some reason, then use session storage which will be cleared when the user closes the browser window.

  3. Be cautious with storing sensitive data in local storage. Just like any other client side storage options this data can be viewed and modified by the user.

The last thing is: don't store sensitive data in your localStorage...

You don't secure localStorage.

Anything coming from a client software must be untrusted.

Edit, 9 years later: if anyone is wondering, check out SecurityJS.128, a client-side JavaScript library, one of whose APIs is secureStorage.
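One way to apply "anything coming from the client is untrusted" to stored data, as an added example that is not from any of the posts above: the server attaches an HMAC tag before the page stores the value in localStorage, and checks the tag whenever the value comes back. The names `seal`, `unseal`, `demo` and `SERVER_KEY` are hypothetical, and the code assumes a Node.js server.

```javascript
// Added example: server-side (Node.js) helpers. The key never leaves the server.
const crypto = require('node:crypto');

// Assumption: in production the key comes from a secret store, not from code.
const SERVER_KEY = crypto.randomBytes(32);

// seal(): serialize the data and append an HMAC-SHA256 tag. The returned
// string is what the page would put in localStorage.
function seal(data, key = SERVER_KEY) {
  const payload = Buffer.from(JSON.stringify(data), 'utf8').toString('base64url');
  const tag = crypto.createHmac('sha256', key).update(payload).digest('base64url');
  return `${payload}.${tag}`;
}

// unseal(): run on every blob the client sends back. Returns the data, or
// null if the blob is malformed or the tag does not match.
function unseal(blob, key = SERVER_KEY) {
  if (typeof blob !== 'string') return null;
  const parts = blob.split('.');
  if (parts.length !== 2) return null;
  const [payload, tag] = parts;
  const expected = crypto.createHmac('sha256', key).update(payload).digest();
  const given = Buffer.from(tag, 'base64url');
  // timingSafeEqual throws on a length mismatch, so check the length first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample: the stored value is edited on the client and the
// original tag is reused; the server must reject it.
function demo() {
  const stored = seal({ plan: 'free', uid: 42 });
  const edited = Buffer.from(JSON.stringify({ plan: 'premium', uid: 42 }), 'utf8')
    .toString('base64url');
  const tampered = `${edited}.${stored.split('.')[1]}`;
  return { intact: unseal(stored), tampered: unseal(tampered) };
}
```

The tag only detects modification: the user can still read the payload and can send back an older value that was sealed earlier, so the server has to treat freshness and confidentiality as separate problems.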
