Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTML5 Client Side Data Encryption - What are my options?

Tags:

javascript

html

web-applications

encryption

I am working on a EDIT: mobile web app which displays some sensitive information and requires a login which stores the members username and password in a HTML5 Session. The username and password are currently stored in an un-encrypted state for the reason that we need to use this username and password on each page load to access the clients remote web-service.

EDIT: After a security review our client raised the following concern:

"There is the potential that Session Storage information can get stored on disk (e.g. on a browser crash). For this reason no sensitive information should be stored unencrypted in session storage. User ID’s and session tokens can be stored since session timeouts are implemented however storing of passwords/PINs is not recommended."

What would be the best/most secure method of encrypting and decrypting sensitive data stored client-side?

Thanks!

like image 812
TGuimond Avatar asked May 12 '11 09:05

TGuimond

People also ask

Does client side need encryption?

If you're looking for the most secure, private way to send email or transmit data, client-side encryption is your best bet. Using client-side email encryption makes it less likely for your information to be intercepted by hostile third parties on the Internet.

Is html5 encrypted?

The HTML 5 library does not support encrypting locally stored data on the device. To continue reading about encryption, switch to a platform that supports it.

What is client side data encryption?

Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service.

2 Answers

Hi instead of storing the username and password, can you not create some sort of "session" with the remote server and instead transmit an authentication token?

Storing a username and password anywhere in the client side gives me the shivers.

Perhaps of looking for ways of storing the username / password safely, look for ways of removing the need to store it at all.

However of course I'm saying this without knowing the full background... I'm guessing there is a good reason to need to store the username / password.

like image 185
Alex KeySmith Avatar answered Sep 19 '22 05:09

Alex KeySmith

For anyone stumbling upon this question, Stanford has a crypto project over at http://crypto.stanford.edu/sjcl/. I have not used it myself in production, but am busy investigating it and so far it looks promising. Hope this helps someone.

like image 40
Tash Pemhiwa Avatar answered Sep 21 '22 05:09

Tash Pemhiwa
Sign in to Comment

Related questions

Bootstrap toast does not show up
Browser back/next button to navigate between tabs
Can you combine multiple images into a single one using JavaScript?
Does Silverlight have a performance advantage over JavaScript?
Get selected text and selected nodes on a page?
What is the best way to emulate an HTML input "maxlength" attribute on an HTML textarea?
How to disable JQuery keypress event for just one element?
Search a JavaScript object
Safari: Disable form-submit on Enter? [duplicate]
In JavaScript event handling, why "return false" or "event.preventDefault()" and "stopping the event flow" will make a difference?
JQuery DataTable Cell from a row click
What does $([]) mean in jQuery?
Event calling before page unload
jquery : wait until all ajax calls finish then continue [duplicate]
Javascript replace regex wildcard
How to modify Cookie from Ajax call
window.resize is not working in chrome and opera
Find index of NaN in a javascript array
Is there a command line argument in Chrome to start the developer tools on startup?
jQuery Ajax call returning '[object XMLDocument]'

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!