Collaborate Disseminate
Let’s say that during account creation, I already prohibit passwords known to be reused from breaches of other sites, like if it’s in the Have I Been Pwned list. But breaches happen all the time, so what if my customers’ passwords show up … Continue reading What wrong with this system to proactively check if customers’ passwords have been found in a breach?
We have a web application that puts a private key in LocalStorage, which enables users to sign off certain messages. It’s been working fine until today we saw this announcement from Apple.
The TLDR; version is that now there is a “7-Day … Continue reading How to store private keys in browsers after Apple’s decision to wipe script-writeable storage?
I’ve been working on an eCommerce store for people to be able to buy items. I want to implement a basket system for this store.
Looking at lots of other posts, it is clear to me that there are definite security risks from using sessionSto… Continue reading Is it a security risk to strore item IDs in sessionStorage?
I’m building an SPA app and I have to use an access token to make requests to an API. The most common way to store the JSON Web Tokens is to use localStorage, but I have always thought that was a bad idea because of XSS attac… Continue reading Is encrypting localStorage data more secure?
Could somebody explain how a majority of new webapps are storing their JWTs/tokens in localStorage? This is just a terrible idea all-round! Did everyone suddenly become so confident that they aren’t susceptible to XSS attacks… Continue reading What led to the prominence of storing JWTs in localstorage?
I am building a JavaScript application that will run in a web browser but also as a pseudo-native mobile application via Apache Cordova. It communicates via API to a separate backend service.
The app requires that the user be prompted for… Continue reading Storing encrypted tokens in LocalStorage
I’m working on an web application in HTML5 using a service worker and one of the requirements is to work offline.
In order to achieve offline functionality we are storing all the application data required in indexeddb. The i… Continue reading Offline senstive data storage
I’m a web developer on the MAMP stack:
Mac + Apache + MySQL + PHP
I run a local web server with MAMP and I usually create a custom localhost domain for every project, such as:
myproject.localhost
myproject2.localhost
Thi… Continue reading All databases in my local computer just got stolen. How should I proceed? [on hold]
I’ve read that it’s a bad idea to save Single Page App’s encrypted authentication token in browser’s localStorage because this makes your app vulnerable to XSS attack, and when the token is stolen, the hacker can disguise as… Continue reading How is security risk of storing authentication token in localStorage compared with cookies?
The browser has several built-in storages, such as local storage or indexedDB. Does it make sense to store sensitive data in them if there is a risk that some malware can access the browser’s data directory?
Continue reading What data related to a specific web page can be obtained outside the browser?