Make localStorage Data Read-Only


Question

I am working on an AngularJS application.

I use

localStorageService.set("selectedUserCategory",'Circle');

Now when I see the browser's localStorage data

-- Application
---- LocalStorage

I find my key-value

selectedUserCategory: "Circle"

But that data is editable, i.e.

If I edit the data from Circle to Ci through the browser itself, it gets saved as Ci, and this might prove harmful because anyone can change data from there.
So I thought of making it read-only. Is there any way of doing it?

Also, is there any way to secure my localStorage data?
Since the data is easily readable, should I encrypt it and then save it?

Recommended answer

As said by @Carcigenicate, nothing is secure once it's in the browser. One more step you can take is to store encrypted data in local storage. So it will be difficult for a normal user to edit. And if he edits it, it will not decrypt, and thus you can invalidate the following tasks.

To prevent this further, you can obfuscate/minify your JavaScript files so it's difficult for an ordinary user to reach your encryption algorithm.

Or, if possible, encrypt values from the server, and using a public key, only decryption logic will be on the front-end side. So even if the user gets your data (and even the public key), he won't be able to encrypt it (without your private key), thus it makes it impossible for him to alter data.

JSON Web Token uses this principle; visit https://jwt.io/
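
The server-side principle mentioned in the answer, as an added example that is not part of the original answer or of any library's own code. It signs the value instead of encrypting it (the approach JWT takes), simulates server and browser in one Node.js file, and assumes the hypothetical helper names issueSignedItem and readSignedItem; the Map standing in for localStorage is constructed.

```javascript
// Added example; Node.js, with "server" and "browser" simulated in one file.
const crypto = require('node:crypto');

// Demo key pair. In practice the private key stays on the server and only
// the public key is shipped to the front end.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');

// Server: sign the key name together with the value, so a signed value
// cannot be replayed under a different localStorage key.
function issueSignedItem(key, value) {
  const payload = Buffer.from(JSON.stringify({ key, value }));
  const sig = crypto.sign(null, payload, privateKey);
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// Verifier: returns the value, or null when the stored string was edited,
// truncated, or was issued for another key.
function readSignedItem(key, stored) {
  if (typeof stored !== 'string') return null;
  const parts = stored.split('.');
  if (parts.length !== 2) return null;
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  if (!crypto.verify(null, payload, publicKey, sig)) return null;
  const item = JSON.parse(payload.toString('utf8')); // parsed only after the signature checks out
  return item.key === key ? item.value : null;
}

// Replays the edit from the question (Circle -> Ci) against a constructed
// stand-in for window.localStorage and reports what the verifier returns.
function demo() {
  const store = new Map();
  const name = 'selectedUserCategory';
  store.set(name, issueSignedItem(name, 'Circle'));
  const intact = readSignedItem(name, store.get(name));

  // Value changed by hand, original signature kept.
  const sig = store.get(name).split('.')[1];
  const edited = Buffer.from(JSON.stringify({ key: name, value: 'Ci' }));
  store.set(name, `${edited.toString('base64url')}.${sig}`);
  const tampered = readSignedItem(name, store.get(name));
  return { intact, tampered };
}

console.log(demo());
```

The stored value stays readable, since it is signed and not encrypted. A check that runs only in the browser can be removed by whoever controls the browser, so the verification that counts is the one the server repeats when the item is sent back.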
