How to prevent of Client HTML5 Store Sensitive data In Web Storage in Asp.net core Angular

Question

How to prevent of Client HTML5 Store Sensitive data In Web Storage in Asp.net core Angular

Sumanth Babu 21

Client HTML5 Store Sensitive data In Web Storage in my code below

private readonly _authToken: string = this.encrypt('auth_token');

set authToken(value: string)
{
localStorage.setItem(this._authToken, this.encrypt(value)); --> "this._authToken" Store Sensitive data attack
}

Please help to my code . If got let me know

AgaveJoe 30,126 Reputation points

2022-07-25T12:23:09.983+00:00

JavaScript is plain text in the browser. If you plan to continue with approach then encrypt the token.

Otherwise, redesign the code to call the web application rather than a REST service using standard authentication/authorization.. The Web application stores the token on the server and calls the REST service (proxy).

1 answer

Your answer

AgaveJoe 30,126 Reputation points

2022-07-25T12:23:09.983+00:00

JavaScript is plain text in the browser. If you plan to continue with approach then encrypt the token.

Otherwise, redesign the code to call the web application rather than a REST service using standard authentication/authorization.. The Web application stores the token on the server and calls the REST service (proxy).

Answer 1

Bruce (SqlWork.com) 77,686 Volunteer Moderator

you can not securely encrypt on the client, only has. You should not pass secure data to the client that the client is not allowed to view, keep it on the server.

if you must, have the server encrypt the data, which the client can safely store, and send to the server at a later time.

note: proper auth tokens are clear text by design (they are signed instead), and do not need to be encrypted. you can safely store the in local storage (at least on a private hosted web browser)

Share via

How to prevent of Client HTML5 Store Sensitive data In Web Storage in Asp.net core Angular

1 answer

Your answer