Questions tagged [local-storage]

55 questions
1 vote, 1 answer

JWT cookie with CSRF token as a claim inside the JWT

I am trying to figure out if the solution I am suggesting is valid for both XSS & CSRF protection, I would like to store the JWT in an httpOnly & secure cookie and not in local storage, when the user successfully logs in, he will get (in addition to…
Roie Beck
1 vote, 0 answers

Does Safari's "Prevent cross-site tracking" option ACTUALLY prevent determined efforts at cross-site tracking? (By, e.g. Facebook)

In other words: Does Safari's "Prevent cross-site tracking" option effectively prevent cross-site tracking? (Is it for purpose?) I thought it would work; are my expectations off? Or, more specifically, I'm wondering: Why is Facebook data reappearing…
1 vote, 0 answers

Progressive web app, Access token storage

I'm currently working on an existing PWA (Progressive web app) built in VUEJS. Currently I'm using Auth0 for user authentication and it works fine. But it seems a bit overkill and the client finds it very hard to manage his users in Auth0 (multiple…
1 vote, 1 answer

How to store private keys in browsers after Apple's decision to wipe script-writeable storage?

We have a web application that puts a private key in LocalStorage, which enables users to sign off certain messages. It's been working fine until today we saw this announcement from Apple. The TLDR; version is that now there is a "7-Day Cap on All…
reedvoid
1 vote, 1 answer

Is it a security risk to store item IDs in sessionStorage?

I've been working on an eCommerce store for people to be able to buy items. I want to implement a basket system for this store. Looking at lots of other posts, it is clear to me that there are definite security risks from using…
1 vote, 1 answer

Is encrypting localStorage data more secure?

I'm building an SPA app and I have to use an access token to make requests to an API. The most common way to store the JSON Web Tokens is to use localStorage, but I have always thought that was a bad idea because of XSS attacks or a user could be…
chinloyal
1 vote, 1 answer

Should sensitive tokens be stored in localStorage or an HTTPOnly cookie?

In the context of a web application... should sensitive tokens, such as those used for sessions, authentication and/or authorization, be stored in localStorage or an HTTPOnly cookie; or are they both acceptable approaches in different…
itscooper
1 vote, 2 answers

Why are third party cookies sent to second party websites?

When I visit this website, Google Analytics cookies are being sent to it from my browser along with the request. This goes against my whole understanding of cookies which is that cookies are only sent to the site that put them there. How is it then…
1 vote, 1 answer

Cookie vs HTML5 localStorage

On HTML5, we can use localStorage to keep data persistently on client side. It seems better from a non-security point of view (easy to access, not 5mb limit like cookies, etc). https://www.w3schools.com/html/html5_webstorage.asp From a security…
OscarAkaElvis
1 vote, 1 answer

Can LastPass local password store (on an Android device) be brute forced in a usual way?

I'm trying to figure out how secure LastPass is if you have it on your Android device and it gets stolen. If I'm not mistaken there has to be a password vault stored somewhere locally on the device. Would in that case be enough to just keep trying…
danizmax
1 vote, 0 answers

Storing user private key paraphrase during session

We have a web application which is used to store secrets (passwords, pins etc) and share them to other system users. Currently for encryption we use AES with single encryption key, and all secrets after encryption are stored in DB. After reading…
Valdas
0 votes, 0 answers

Where to store token from auth header in React

I am currently working on a medium scale app and am a month into learning React. I got to the part where I need to authenticate users. I have written some code and it is working, but I don't know whether it is secure enough. When my users log in, they are…
0 votes, 0 answers

Store login credentials securely with JavaScript

Today I have a web application that needs to store the user's email and password, so that when he opens the login screen, the authentication is done automatically. For this, our application saves the email and password in localStorage, unfortunately…
Tom
0 votes, 1 answer

How to best prevent data recovery on a disk drive without physically destroying it?

The recommended way of ensuring that data on a hard disk cannot be recovered is to destroy it physically, for example using a hammer, drill or even thermite. Question When physical disk destruction is not an available option, what is the next best…
stevec
0 votes, 1 answer

How to best store the password for Keepass for a python bot that runs in Windows?

I have a python bot that runs in Windows 10 and accesses Keepass with a password. I'm wondering what would be the correct way to store and access this Keepass password. Currently, the Keepass password is encrypted and decrypted with a key. However…
AturSams