admin管理员组文章数量:1295950
Is there any way to store localstorage securely, like encrypting and decrypting the localstorage data. I don't want other users to manipulate the localstorage data. If that is not possible with localstorage, what are the other ways to store data at client side?
I have seen websql, but that is also get manipulated easily by writing queries in console.
Note: Can you please provide the solution for Angular 2+ !
Is there any way to store localstorage securely, like encrypting and decrypting the localstorage data. I don't want other users to manipulate the localstorage data. If that is not possible with localstorage, what are the other ways to store data at client side?
I have seen websql, but that is also get manipulated easily by writing queries in console.
Note: Can you please provide the solution for Angular 2+ !
Share Improve this question edited Oct 31, 2018 at 9:49 Sivakumar Tadisetti asked Apr 18, 2018 at 10:35 Sivakumar TadisettiSivakumar Tadisetti 5,0517 gold badges38 silver badges61 bronze badges 6- 1 Possible duplicate of Can local storage ever be considered secure? – Tomasz Kula Commented Apr 18, 2018 at 10:36
- 1 @TomaszKula nice thread linked, thx for sharing. – Yanis-git Commented Apr 18, 2018 at 10:42
- 1 @TomaszKula, so you said this question is duplicate. I didn't get any answer from your shared link. Can you tell me how to secure the localstorage. If you don't know leave it. no problem. – Sivakumar Tadisetti Commented Apr 18, 2018 at 10:44
- @JSSA It does provide an answer, please read it properly. – Lazar Ljubenović Commented Apr 18, 2018 at 10:45
- 1 @LazarLjubenović Yeah, i read the answer. from that answer what I understood is that, they are saying "Don't use Javascript crypto" and "WebCrypto API, but that is not here yet". I didn't get the answer like "Use this libraray or this method to secure localstorage". That is what I want. – Sivakumar Tadisetti Commented Apr 18, 2018 at 10:49
2 Answers
Reset to default 4Contrary to the other answer, you can securely store any value in the client, where by "securely" I mean the value is not known to the client and/or cannot be modified. The storage mechanism can be localStorage, websql or whatever else. The catch is that Javascript code will not be able to read and/or modify such a value either, because obviously Javascript is the client from what you want to protect such data.
If you have a server-side secret (a key), you can use that to encrypt (for confidentiality) and/or sign (for integrity) any data sent to the client. This is how frameworks like Rails handle sessions by default without server-side persistance and still relatively securely.
Note that simply encrypting a cookie on the server will not necessarily authenticate its contents (see authenticated encryption), and also such a cookie would be vulnerable to replay attacks, against which you can use a timestamp or a nonce. You have to care about forward secrecy if you need it. So in short you have to take care of stuff yourself, which is not straightforward, but not impossible either.
If you only sign data but not encrypt it, Javascript may have access to it, but still won't be able to modify.
No there isn't any way to store data in client side which client won't be able to manipulate.
In angular, you can save data in services but that will be cleared if user refreshes the browser.
本文标签: javascriptHow to securely store localstorage in angular 5Stack Overflow
版权声明:本文标题:javascript - How to securely store localstorage in angular 5 - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741609141a2388153.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论