I'm doing an application in ionic and i need to use session to maintain data. I use localStorage but i want to know is it safe for sensitive data?Is there a way encrypt the data or other way to make it safe?Or is there another way to make session in an ionic application?
Is the data used in session with localStorage in ionic application safe?
223 views Asked by Claudiu At
1
There are 1 answers
Related Questions in SECURITY
- Rails routes, rspec
- Faking instance variable in RSpec and Capybara feature spec
- Using Rspec should_receive to test that a controller calls a method on an object correctly
- stubbing 'gets' in ruby multiple times
- Testing Twitter Typeahead with RSpec/Capybara
- Rspec is giving file is not defined error
- Why spec does not see the class in the module?
- Clicking label element that unfortunately contains a link
- Why am I receiving a load error in my RSpec tests?
- If I stub out .save method in my controller test how can I check the correct show template is rendered?
Related Questions in SESSION
- Rails routes, rspec
- Faking instance variable in RSpec and Capybara feature spec
- Using Rspec should_receive to test that a controller calls a method on an object correctly
- stubbing 'gets' in ruby multiple times
- Testing Twitter Typeahead with RSpec/Capybara
- Rspec is giving file is not defined error
- Why spec does not see the class in the module?
- Clicking label element that unfortunately contains a link
- Why am I receiving a load error in my RSpec tests?
- If I stub out .save method in my controller test how can I check the correct show template is rendered?
Related Questions in IONIC-FRAMEWORK
- Rails routes, rspec
- Faking instance variable in RSpec and Capybara feature spec
- Using Rspec should_receive to test that a controller calls a method on an object correctly
- stubbing 'gets' in ruby multiple times
- Testing Twitter Typeahead with RSpec/Capybara
- Rspec is giving file is not defined error
- Why spec does not see the class in the module?
- Clicking label element that unfortunately contains a link
- Why am I receiving a load error in my RSpec tests?
- If I stub out .save method in my controller test how can I check the correct show template is rendered?
Related Questions in THREAD-LOCAL-STORAGE
- Rails routes, rspec
- Faking instance variable in RSpec and Capybara feature spec
- Using Rspec should_receive to test that a controller calls a method on an object correctly
- stubbing 'gets' in ruby multiple times
- Testing Twitter Typeahead with RSpec/Capybara
- Rspec is giving file is not defined error
- Why spec does not see the class in the module?
- Clicking label element that unfortunately contains a link
- Why am I receiving a load error in my RSpec tests?
- If I stub out .save method in my controller test how can I check the correct show template is rendered?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
I wanted to see your answer about what you call "sensitive information", before creating this answer, and now that I know it, Why would you want to keep information like the password in the local storage? First of all, you should not know your user's passwords at all, you should just save a hash of your user's password in your database and only that. Your cookies, local storage and all those client-side storage mechanisms are just for user preferences, session tokens and stuff like that, and it should never be used to store sensitive information, since that information can be modified by the user or even worse, it might be readed by an attacker.
I know that your question is about a safe way to store this information in the client side, but the answer here is that you should not be doing that at all. Yes, you could do something like encrypting the information (and only decrypting in your server, since to do it in the client side, you'll need the key and again, the key can be readed by an active attacker and then he'll be able to decrypt the information), but information like that has no reason to be stored in the client side, if you're doing it for authentication purposes, then you should be using sessions and cookies.
Maybe I got it wrong and you're doing it for a particular reason, and if it's like that, feel free to tell me that reason, so we can find a different solution, because I'm 100% sure that you don't really need to store information like the password.