HTML5 Client Side Data Encryption - What are my options?

离开以前 2020-12-05 03:23

I am working on a EDIT: mobile web app which displays some sensitive information and requires a login which stores the member's username and password in a HT

9 Answers
  • 2020-12-05 04:01

    Hi, instead of storing the username and password, can you not create some sort of "session" with the remote server and instead transmit an authentication token?

    Storing a username and password anywhere in the client side gives me the shivers.

    Perhaps instead of looking for ways of storing the username / password safely, look for ways of removing the need to store it at all.

    However of course I'm saying this without knowing the full background... I'm guessing there is a good reason to need to store the username / password.

  • 2020-12-05 04:02

    David Dahl, a Firefox engineer, has a prototype Firefox extension, domcrypt (repository on GitHub), that provides JavaScript access to Firefox's NSS (Network Security Services) APIs. Since Chrome also uses NSS, providing the same API is probably straightforward for it as well.

    He's pushing Mozilla to evolve it a bit more for eventual inclusion within Firefox; we'll see what happens.

  • 2020-12-05 04:03

    See this HTML5 Web DB Security

    client-side encryption libraries aren't mature or tested well enough

    ...but that was a year ago, so that could be false already

  • 2020-12-05 04:05

    Storing sensitive user credentials is really not a good design. Instead, generate an authenticated token from the server using, say, the Spring framework. You can then store the same in localStorage using the Web DB Security module.

  • 2020-12-05 04:15

    More recent browser versions should support the Web Crypto API.

    1. See the live test page to check if your browser works
    2. The W3C Web Crypto API description
    3. Mozilla Developer Network info on the Web Crypto API

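Added example, not part of any answer on this page: one way to use the Web Crypto API mentioned above to keep a server-issued token encrypted at rest instead of storing the username and password. The names `sealToken`, `openToken` and `PBKDF2_ITERATIONS`, the iteration count, and the assumption that the user types a passphrase each session (so no key is ever stored) are illustrative choices.

```javascript
// Added example: sealToken/openToken/PBKDF2_ITERATIONS are hypothetical names.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for target devices

async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function deriveKey(c, passphrase, salt) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns a JSON string for localStorage holding only salt, IV and ciphertext.
// The non-extractable key exists only in memory, derived from the passphrase.
async function sealToken(passphrase, token) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh IV for every encryption
  const key = await deriveKey(c, passphrase, salt);
  const ct = await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(token));
  return JSON.stringify({ v: 1, salt: b64(salt), iv: b64(iv), ct: b64(ct) });
}

// Returns the token, or null when the passphrase is wrong or the stored blob
// was modified (AES-GCM authentication fails in both cases).
async function openToken(passphrase, stored) {
  const c = await getCrypto();
  try {
    const { salt, iv, ct } = JSON.parse(stored);
    const key = await deriveKey(c, passphrase, unb64(salt));
    const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv: unb64(iv) }, key, unb64(ct));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
```

This protects the stored value on a lost or copied device; script running in the page's origin (for example via XSS) can still read the passphrase or the decrypted token while they are in memory.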
  • 2020-12-05 04:18

    I have to say, if you're creating session data: 1. Is that not stored on the server, not the client side, so that no one sees the session data? Or at least it should be done that way via ASP, PHP, etc., so have the app require internet and retrieve the info from a web server, and don't store it on the client side. 2. If this does deal with the client side, like streaming a video or images, or you have to create some files on the client side, storing the key on the client's mobile device is the only way. Thus either have the key with a short TTL to decrypt the data, the key given through some form of authentication or certificate, or a key installed from your main office, and encrypt the device in case they lose it. I have not found an encrypt function I'd like to suggest to you yet.
