Collaborate Disseminate
I was reading this question and still have doubts about my use case.
I know it’s unsafe to store a JWT in local/session storage due to XSS attacks. But what if it’s for a JWT that only lasts 1 min when they first login? The client would th… Continue reading Is storing a short lived JWT on initial login in LocalStorage safe?
I’m working on a legacy application that issues JWTs with a short expiry time.
They do not have refresh token functionality implemented.
So obviously while using refresh tokens would be the right solution, for the sake of argument assume t… Continue reading What’s wrong with storing a username and password as a cookie?
I’m wondering if using Javascript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irr… Continue reading Are Javascript closures a useful technique to limit exposing data to XSS?
I’m new to the ionic framework and have some basics of it and currently I’m developing a private app for my family only that store some sensitive information in the localstorage. I used some crypto libraries to encrypt the whole data to pr… Continue reading Ionic local storage store sensitive data for private app
Let’s say that during account creation, I already prohibit passwords known to be reused from breaches of other sites, like if it’s in the Have I Been Pwned list. But breaches happen all the time, so what if my customers’ passwords show up … Continue reading What wrong with this system to proactively check if customers’ passwords have been found in a breach?
We have a web application that puts a private key in LocalStorage, which enables users to sign off certain messages. It’s been working fine until today we saw this announcement from Apple.
The TLDR; version is that now there is a “7-Day … Continue reading How to store private keys in browsers after Apple’s decision to wipe script-writeable storage?
I’ve been working on an eCommerce store for people to be able to buy items. I want to implement a basket system for this store.
Looking at lots of other posts, it is clear to me that there are definite security risks from using sessionSto… Continue reading Is it a security risk to strore item IDs in sessionStorage?
I’m building an SPA app and I have to use an access token to make requests to an API. The most common way to store the JSON Web Tokens is to use localStorage, but I have always thought that was a bad idea because of XSS attac… Continue reading Is encrypting localStorage data more secure?
Could somebody explain how a majority of new webapps are storing their JWTs/tokens in localStorage? This is just a terrible idea all-round! Did everyone suddenly become so confident that they aren’t susceptible to XSS attacks… Continue reading What led to the prominence of storing JWTs in localstorage?
I am building a JavaScript application that will run in a web browser but also as a pseudo-native mobile application via Apache Cordova. It communicates via API to a separate backend service.
The app requires that the user be prompted for… Continue reading Storing encrypted tokens in LocalStorage