I'm doing an application in ionic and i need to use session to maintain data. I use localStorage but i want to know is it safe for sensitive data?Is there a way encrypt the data or other way to make it safe?Or is there another way to make session in an ionic application?
Is the data used in session with localStorage in ionic application safe?
275 Views Asked by Claudiu At
1
There are 1 best solutions below
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in SESSION
- Access property of an object of type [Model] in JQuery
- __PHP_Incomplete_Class Object even though class is included before session started
- Safari Extension not geting session Info
- Laravel: Locale Session: Controller gets Parameter to change it but it cant. U have to hardcode it
- Does OPEN SYMMETRIC KEY (SQL Server) remain in scope on a server farm?
- Superagent share session / cookie info with actual browser
- Session Destroyed on page refresh
- MVC Referencing strongly typed session objects on my view
- What is the best way to persist a global array in php?
- Error in indicies while unsetting Sessions
- Server side PHP session is not working in android
- Laravel - session data survives log-out/log-in, even for different users
- The page isn't redirecting properly when I logout
- Session array unset and delete row
- Validating a login using PHP
Related Questions in IONIC-FRAMEWORK
- CFBundleDocumentType is not working in myproject-Info.plist file
- ionic build android failure - Execution failed for task processDebugResources
- Android Status Bar Icon Size - Using Cordova / Phonegap Push Plugin
- how to show alert when user scroll to top of div in angular js?
- ionic serve uncaught exception
- Parse.com - setting up push notifications for single users
- Understanding the function of this particular 9 patch image
- CORS in ionic app and django
- How to use embedded Ruby HTML files with Ionic and Cordova
- Ionic cordova build
- Input ng-model not updating in Main view
- ng-click event not getting cleared in Ionic app
- How to show image caption in ionicframework?
- whitelisting a domain in ionic app
- Adding visionmedia/debug to an Ionic/AngularJS application
Related Questions in THREAD-LOCAL-STORAGE
- A thread private list but shared with methods
- How to iterate through boost thread specific pointers
- Protecting thread-local storage of a thread from other threads
- Function local statics generate faulty code for Windows XP
- Is the data used in session with localStorage in ionic application safe?
- repeat string instructions uses extra segment (ES) or not?
- Detect if mips gcc supports __thread directive
- No luck compiling __thread using ndk clang 3.4/3.5
- Why does this usage of thread_local crash?
- Spurious App Crash due to DLL injection because of Thread Local Storage?
- How to release the object in a TLS-slot at thread exit on Windows?
- How to set up thread-local accumulators for Java parallel streams that are visible to the main thread
- Is it possible for multiple Dynamic Link Libraries (DLL) to share Thread Local Storage from a Static Library (LIB)
- Thread Specific Data vs Thread Local Storage
- dynamic initialization of function scoped static __thread variables in clang
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I wanted to see your answer about what you call "sensitive information", before creating this answer, and now that I know it, Why would you want to keep information like the password in the local storage? First of all, you should not know your user's passwords at all, you should just save a hash of your user's password in your database and only that. Your cookies, local storage and all those client-side storage mechanisms are just for user preferences, session tokens and stuff like that, and it should never be used to store sensitive information, since that information can be modified by the user or even worse, it might be readed by an attacker.
I know that your question is about a safe way to store this information in the client side, but the answer here is that you should not be doing that at all. Yes, you could do something like encrypting the information (and only decrypting in your server, since to do it in the client side, you'll need the key and again, the key can be readed by an active attacker and then he'll be able to decrypt the information), but information like that has no reason to be stored in the client side, if you're doing it for authentication purposes, then you should be using sessions and cookies.
Maybe I got it wrong and you're doing it for a particular reason, and if it's like that, feel free to tell me that reason, so we can find a different solution, because I'm 100% sure that you don't really need to store information like the password.