How do we secure the content of HTML5 localStorage from user tampering? In the case of cookies, we store information in an encrypted format, and the secret used for encrypting is stored on the server, which is unknown to clients.
But, in localStorage the information is residing in the client side and we send the key to the client. So, is there any standard way to secure the information in the localStorage from user tampering?
@Mikko Ohtamaa is right. It is not so secure to use, but maybe you can use sessionStorage, which keeps information until the session ends. And from this site:
Final Thoughts on Local Storage and Security
Don't use local storage for session identifiers. Stick with cookies and use the HTTPOnly and Secure flags.
If cookies won't work for some reason, then use session storage which will be cleared when the user closes the browser window.
Be cautious with storing sensitive data in local storage. Just like any other client side storage options this data can be viewed and modified by the user.
The last thing is: don't store sensitive data in your localStorage...
You don't secure localStorage.
Anything coming from a client software must be untrusted.
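The point made in the answers above, as an added example that is not part of the original thread: the user can always edit localStorage, so the server keeps an HMAC key to itself and rejects any value that comes back with a tag that does not verify. The names `seal`, `unseal`, `demo` and `SERVER_KEY` are hypothetical; the check detects modification only, and does not hide the data or stop an older sealed value from being replayed.

```javascript
// Added example (Node.js, server side). The key never leaves the server.
const crypto = require('crypto');

// Assumption: a real deployment loads this from server configuration or a secret store.
const SERVER_KEY = crypto.randomBytes(32);

// Build the string the server hands to the browser for localStorage.
function seal(obj, key = SERVER_KEY) {
  const payload = Buffer.from(JSON.stringify(obj)).toString('base64');
  const tag = crypto.createHmac('sha256', key).update(payload).digest('hex');
  return `${payload}.${tag}`;
}

// Verify a string the browser sent back. Returns the object, or null if it
// is malformed or was modified on the client.
function unseal(token, key = SERVER_KEY) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, tag] = parts;
  const expected = crypto.createHmac('sha256', key).update(payload).digest();
  const given = Buffer.from(tag, 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample: the user edits the stored payload but cannot
// recompute the tag without the server key.
function demo() {
  const stored = seal({ user: 'alice', role: 'viewer' });
  const tag = stored.split('.')[1];
  const edited = Buffer.from(
    JSON.stringify({ user: 'alice', role: 'admin' })
  ).toString('base64');
  return { ok: unseal(stored), forged: unseal(`${edited}.${tag}`) };
}
```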