
How to secure localStorage in HTML5?

How do we secure the content of HTML5 localStorage from user tampering? In the case of cookies, we store information in an encrypted format, and the secret used for encrypting is stored on the server, which is unknown to clients.

But in localStorage the information resides on the client side, and we send the key to the client. So, is there any standard way to secure the information in localStorage from user tampering?

like image 723
Ramesh asked Feb 21 '23 17:02


2 Answers

@Mikko Ohtamaa is right. It is not so secure to use. But maybe you can use sessionStorage, which keeps information until the session ends. And from this site:

Final Thoughts on Local Storage and Security

  1. Don't use local storage for session identifiers. Stick with cookies and use the HTTPOnly and Secure flags.

  2. If cookies won't work for some reason, then use session storage which will be cleared when the user closes the browser window.

  3. Be cautious with storing sensitive data in local storage. Just like any other client side storage options this data can be viewed and modified by the user.

The last thing is: don't store sensitive data in your localStorage...

like image 139
Aragon answered Feb 23 '23 07:02


You don't secure localStorage.

Anything coming from a client software must be untrusted.

like image 32
Mikko Ohtamaa answered Feb 23 '23 06:02
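
Added example, not part of the original thread or either answer: if a value must round-trip through localStorage, the server can make tampering detectable by attaching an HMAC computed with a key that never leaves the server, then treating anything that fails verification as untrusted. The names `seal`, `unseal`, `SERVER_KEY` and the `prefs` storage key are assumptions made for this Node.js sketch.

```javascript
// Added example: tamper-evident values for localStorage, verified on the server.
const nodeCrypto = require('crypto');

// Assumption: the key exists only on the server (env var, KMS). Random here for the demo.
const SERVER_KEY = nodeCrypto.randomBytes(32);

const b64url = (input) => Buffer.from(input).toString('base64url');

function mac(body) {
  return nodeCrypto.createHmac('sha256', SERVER_KEY).update(body).digest();
}

// Server side: wrap data with an expiry and an HMAC tag before sending it to the browser.
function seal(data, ttlSeconds, now = Date.now()) {
  const body = b64url(JSON.stringify({ data, exp: now + ttlSeconds * 1000 }));
  return `${body}.${b64url(mac(body))}`;
}

// Server side: check a value the browser sent back. Returns the data, or null if
// it is malformed, modified, or expired. The browser never sees SERVER_KEY.
function unseal(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [body, tag] = parts;
  const expected = mac(body);
  const given = Buffer.from(tag, 'base64url');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (typeof parsed.exp !== 'number' || now > parsed.exp) return null;
  return parsed.data;
}

// Constructed sample: the browser would do localStorage.setItem('prefs', token)
// and later send localStorage.getItem('prefs') back with a request.
const token = seal({ plan: 'free' }, 3600);
const forged = b64url(JSON.stringify({ data: { plan: 'pro' }, exp: Date.now() + 3.6e6 }))
  + '.' + token.split('.')[1];
console.log(unseal(token));  // accepted
console.log(unseal(forged)); // rejected
```

The tag provides integrity only: the user can still read the stored data, and can replay an older sealed value until its `exp` passes, so sensitive data and session identifiers still do not belong in localStorage.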