
Questions tagged [local-storage]

1 vote
0 answers
96 views

Using ETH private key to encrypt/decrypt a value in localStorage [closed]

I'm storing a sensitive string to local storage, but it is encrypted / decrypted with this: https://github.com/pubkey/eth-crypto?tab=readme-ov-file#encryptwithpublickey. This means that even though an ...
Anthony Chung
0 votes
2 answers
143 views

Encryption of localStorage/indexedDb with server-side PBKDF2 derived secret secure?

Hello InformationSecurity community! I have the following situation, and seeking for advice for our security architecture. I am working for a client, who creates a resume builder app, where users can ...
oleg_zh
0 votes
1 answer
359 views

how to send cookies or token in local storage to a remote server using reflected XSS

I have an XSS vulnerability identified by <script>alert(1);</script> in the url. So when I put it in the url it gets executed (ex: www.example.com/admin/<script>alert(1);</script&...
anonymous
0 votes
1 answer
106 views

Password-based encryption: keeping the user logged in without entering password again

Context I have a system where some of user's data is encrypted via AES. Each user has their own key K. When the user creates an account, the K is generated and encrypted with a key derived from ...
v_slav.b
2 votes
0 answers
147 views

Secure API token handling in Windows app: the token is needed to authenticate the requests to a backend server

I'm currently working on a UWP app that involves validating redemption codes against a Cloudflare KV storage backend. That's all the backend server is for. I want the app to check the redemption code ...
Neox
2 votes
1 answer
2k views

Apple Mail versus GMail app content security

I am trying to determine if there is a benefit to using the GMail app over the built in iOS one when it comes to security. I know that both store data locally on the phone, but the question is whether ...
Justin Pihony
3 votes
1 answer
20k views

Where to store JWT refresh tokens

Where to store JWT refresh tokens? My idea was to encrypt the refresh token with crypto-js AES and salt, keeping it in an environment variable (.env). Then, the refresh token would be stored in either ...
simple_developer
0 votes
0 answers
213 views

In a web application, what would you consider the best way to store secret keys obtained via an SDK?

Currently I am working on an application that requires secret keys to encrypt and sign information generated by the client and transmitted over the wire, these keys are granted per user. Currently when ...
Ray
0 votes
3 answers
567 views

Do browser vendors have access to LocalStorage/cookies?

Question is pretty much in the title. We have a customer that is very concerned with privacy, and we're making a solution that will rely on data being stored in LocalStorage, so we just need to verify ...
peirix
1 vote
2 answers
3k views

Storing sensitive data in Local Storage with encryption?

I have a notes app that's offline-first and syncs with remote database when online. Currently, when a user creates a note, I'm encrypting it with AES. I ask the user to enter their decryption ...
Wor Chan
0 votes
0 answers
5k views

Where to store token from auth header in React

I am currently working on a medium scale app and am a month into learning React. I got to the part where I need to authenticate users. I have written some code and it is working, but I don't know is ...
NoDiggityNoDoubt
0 votes
0 answers
21 views

Store login credentials securely with JavaScript [duplicate]

Today I have a web application that needs to store the user's email and password, so that when he opens the login screen, the authentication is done automatically. For this, our application saves the ...
Tom
1 vote
1 answer
2k views

JWT cookie with CSRF token as a claim inside the JWT

I am trying to figure out if the solution I am suggesting is valid for both XSS & CSRF protection, I would like to store the JWT in an httpOnly & secure cookie and not in local storage, when ...
Roie Beck
3 votes
1 answer
602 views

Cookies VS localStorage (JavaScript Security)

I know that HTTP requests made by the site get the browser's localStorage for a site, and document.cookie is encrypted for HTTPS websites, but I'm still wondering the risk of storing sensitive ...
Parking Master
7 votes
1 answer
4k views

Logging in as another user - Security Issue

Two users are using same web application online. Suddenly, I checked my profile and it was data of another user. How this is possible? We both are using the same app at the same time, the app is on ...
galos79241
