Collaborate Disseminate
The browser has several built-in storages, such as local storage or indexedDB. Does it make sense to store sensitive data in them if there is a risk that some malware can access the browser’s data directory?
Continue reading What data related to a specific web page can be obtained outside the browser?
In the context of a web application…
should sensitive tokens, such as those used for sessions, authentication and/or authorization, be stored in localStorage or an HTTPOnly cookie; or are they both acceptable approaches in different circ… Continue reading Should sensitive tokens be stored in localStorage or an HTTPOnly cookie?
At work, we are planning to take down a database for 24 hours. We are not going down the track of creating a “Hot standby”, the DB will be completely offline throughout. During the downtime, we would like limited access to so… Continue reading Data extraction, temporary storage and audit log – Advice needed
Imagine web apps that are supposed to work with no or only a few interactions with the web server, for example:
a browser game in which the player’s level and progress are to be saved locally.
a game, progressive web app or… Continue reading How can Web Crypto API and IndexedDB protect data stored on the client side against user manipulation?
I am building SPA (React/Redux) and require user authetification. I have found similar discussions, but haven’t found answers for questions I outline below. Here are some options I found to implement:
Option 1: Keep JWT in… Continue reading Authentication with JWT
When I visit this website, Google Analytics cookies are being sent to it from my browser along with the request.
This goes against my whole understanding of cookies which is that cookies are only sent to the site that put th… Continue reading Why are third party cookies sent to second party websites?
This article from Auth0 recommend storing the JWT locally in a local storage (or cookie). But this article from OWASP recommend not to story any sensitive data locally (not even sessionStorage)
So, is it safe to store the JW… Continue reading Is it safe to store a JWT in sessionStorage?
I am currently working on an Application which is a single page application built with Angular. It is served over HTTPS, using HSTS.
For authentication, we are using Auth0. The Auth0 documentation recommends storing the acce… Continue reading Is the OWASP recommendation regarding localstorage still valid?
I have a angular service call to webapi , if webapi is got down , have to load the data from cache and the cache is expire after 20 minutes.
Which is better way to store the data?
LocalStorage – store upto 5 MB and lifetim… Continue reading Best Mechanism(Way) to Cache the data across application in client side app
MyKi.co claims to be able to transfer your passwords securely from your iOS device to the macOS without having to relay through their own servers. But how is this possible?
“Your sensitive data is not stored in the cloud.” -> https://myki.co/faq
It sounds like a spoof? It is not done through bluetooth or wifi apparently.
Continue reading How can MyKi transfer data from iOS to macOS without a server?