3

I am using a JavaScript rendering template engine with Node.js. I am rendering sensitive user information into a static JavaScript object which is then served to the client. However, I realized that if the user saves the HTML page and uploads it, this could be a vulnerability. Is there any way around this? Could this be more serious than I believe? The information stored includes long-lived access tokens. It shouldn't be that hard to work around this, but I am personally interested in this.

Vilican
ROCK
  • Can you instead make the client ask for the access token via Ajax? Or save it using cookies/HTML5 storage instead? – Orny Jun 09 '15 at 18:50
  • What if the user presses "print screen" and uploads the image somewhere? – Romeo Ninov Jun 09 '15 at 18:57
  • @orny I could have, yes, and if there was no solution I would need to do that. But luckily I found the easy solution detailed. – ROCK Jun 09 '15 at 19:11
  • @romeo ninov I'm not sure what you are talking about – ROCK Jun 09 '15 at 19:12
  • @RomeoNinov The sensitive information isn't being displayed on the screen, so there's nothing to print screen, but would be visible in View Page Source, or by saving the HTML page to disk. – Mike Ounsworth Jun 09 '15 at 19:23
  • @MikeOunsworth, in such a case it makes sense. Otherwise, if it's visible somehow, nobody can stop you from grabbing the picture :) – Romeo Ninov Jun 09 '15 at 19:24

1 Answer

-1

I was able to render the JavaScript object in a separate HTML file, name it as a .js file, and include it as a script in the HTML. Problem solved.

Yes, I could have switched to Ajax, but I had worked a lot to parse the information with the template engine already and there was a lot of stuff to send.

ROCK
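The alternative Orny's comment raises (the client asks for the token via Ajax instead of receiving it inside the rendered page), sketched as an added example that is not code from the question or the answer. The names `SESSIONS`, `renderPage`, `route` and `/api/client-config`, the `sid` cookie, and the session id and token values are all assumptions constructed for illustration.

```javascript
// Added example. SESSIONS, renderPage, route and /api/client-config are
// hypothetical names; the session id and token are constructed sample values.
const SESSIONS = new Map([
  ['sid-constructed-123', { name: 'alice', apiToken: 'EXAMPLE-TOKEN-not-real' }],
]);

// Read one cookie value from a Cookie request header.
function cookie(header, name) {
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0 && part.slice(0, i).trim() === name) return part.slice(i + 1).trim();
  }
  return null;
}

// The rendered page carries no secrets, so View Page Source or a saved copy
// of the HTML contains nothing sensitive. It only fetches the data at runtime.
function renderPage() {
  return '<!doctype html><title>App</title>' +
    '<script>fetch("/api/client-config", {credentials: "same-origin"})' +
    '.then(r => r.json()).then(cfg => { window.appConfig = cfg; });</script>';
}

// Pure routing function returning {status, headers, body}. To serve it, call it
// from an http.createServer handler with req.method, req.url, req.headers.cookie.
function route(method, url, cookieHeader) {
  if (method === 'GET' && url === '/') {
    return { status: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' }, body: renderPage() };
  }
  if (method === 'GET' && url === '/api/client-config') {
    const session = SESSIONS.get(cookie(cookieHeader, 'sid'));
    // No valid session cookie: no data, and nothing for a cache to keep.
    if (!session) return { status: 401, headers: { 'Cache-Control': 'no-store' }, body: '' };
    return {
      status: 200,
      headers: {
        'Content-Type': 'application/json',
        'Cache-Control': 'no-store',          // keep the token out of browser and proxy caches
        'X-Content-Type-Options': 'nosniff',  // response is only ever treated as JSON
      },
      body: JSON.stringify(session),
    };
  }
  return { status: 404, headers: {}, body: '' };
}
```

The token still reaches the authenticated user's browser; what changes is that it is no longer part of the HTML document or of any static file referenced by it.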