HTML5 Client Side Data Encryption - What are my options?


Question

I am working on a mobile web app which displays some sensitive information and requires a login which stores the member's username and password in an HTML5 Session. The username and password are currently stored in an unencrypted state for the reason that we need to use this username and password on each page load to access the client's remote web service.

After a security review our client raised the following concern:

"There is the potential that Session Storage information can get stored on disk (e.g. on a browser crash). For this reason no sensitive information should be stored unencrypted in session storage. User IDs and session tokens can be stored since session timeouts are implemented; however, storing of passwords/PINs is not recommended."

What would be the best/most secure method of encrypting and decrypting sensitive data stored client-side?

Thanks!

Recommended answer

See HTML5 Web Database Security


client-side encryption libraries aren't mature or tested well enough

...but it's been a year ago, so that could be false already
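
The storage policy the client's review describes (user ID and session token kept, password or PIN never written), as an added example that is not part of the original question or answer. The `MemoryStorage` stand-in, the field names and the 15-minute timeout are assumptions.

```javascript
// Added example: keep only a user ID and an expiring session token in
// session storage, and refuse to persist a password or PIN.
// Assumptions: field names, the 15-minute timeout, and MemoryStorage (a
// stand-in with the Web Storage getItem/setItem/removeItem methods so the
// code runs outside a browser; in a page, pass window.sessionStorage).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

const KEY = "session";
const FORBIDDEN = /^(password|passwd|pwd|pin|secret)$/i;
const TIMEOUT_MS = 15 * 60 * 1000; // assumed client-side limit

// Store the result of a login. `session` is what the server returned after
// checking the credentials once, e.g. { userId, token } (constructed shape).
function saveSession(storage, session, now = Date.now()) {
  for (const field of Object.keys(session)) {
    if (FORBIDDEN.test(field)) {
      throw new Error(`refusing to store credential field "${field}"`);
    }
  }
  if (!session.userId || !session.token) {
    throw new Error("userId and token are required");
  }
  // Copy only the allowed fields, so nothing else rides along to disk.
  const record = { userId: session.userId, token: session.token, expires: now + TIMEOUT_MS };
  storage.setItem(KEY, JSON.stringify(record));
  return record;
}

// Read the session on each page load; drop it if expired or malformed so a
// stale copy is not reused. The server must still enforce its own timeout.
function loadSession(storage, now = Date.now()) {
  const raw = storage.getItem(KEY);
  if (raw === null) return null;
  let record;
  try { record = JSON.parse(raw); } catch { record = null; }
  if (!record || typeof record.expires !== "number" || now >= record.expires) {
    storage.removeItem(KEY);
    return null;
  }
  return { userId: record.userId, token: record.token };
}
```
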
