How secure is HTML5 local Storage for a Mobile Device


Question

I'm looking to work around some performance issues on a mobile site by storing the data entered on multiple forms into the local Storage.

I will be clearing the data on load and clearing the data on the last page, so no sensitive data will be left on the device after they visit the website on their mobile device.

I do have some concerns:

  • Can another program access the data I store in local storage?
  • If the user doesn't complete the process, can I place an expiration date on the data?
    Example: I want the data to expire in 30 minutes regardless if the user has finished the process, left the site, closed the browser

Recommended answer

Take a look at sessionStorage, which works similarly to localStorage but doesn't keep any data once a tab/window/browser is closed.

This would also be more secure than localStorage as no data would be kept once a session has ended. There are more details on security in the W3 Storage spec.

However if you're storing sensitive data I'd recommend cookies as data in sessionStorage and localStorage can be viewed and edited by the user and is potentially open to XSS attacks.
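
An added example, not part of the original question or answer: Web Storage has no built-in expiry, so the 30-minute limit asked about has to be stored with each value and enforced on read and on page load. The names `putWithTtl`, `getFresh`, `purgeExpired`, `PREFIX` and the in-memory `memoryStorage` stand-in are hypothetical; in a browser, pass `window.sessionStorage` or `window.localStorage` instead.

```javascript
const TTL_MS = 30 * 60 * 1000; // the 30-minute limit from the question
const PREFIX = "form:";        // assumed namespace so purging only touches our own keys

// Store the value together with its absolute expiry time.
function putWithTtl(storage, key, value, now = Date.now(), ttl = TTL_MS) {
  storage.setItem(PREFIX + key, JSON.stringify({ exp: now + ttl, v: value }));
}

// Return the value only if it is well-formed and unexpired; otherwise delete it.
function getFresh(storage, key, now = Date.now(), ttl = TTL_MS) {
  const raw = storage.getItem(PREFIX + key);
  if (raw === null) return null;
  let rec = null;
  try { rec = JSON.parse(raw); } catch (e) { rec = null; }
  // Stored values can be edited by the user or by injected script, so a record
  // that is malformed, expired, or expires further away than one TTL is dropped.
  const ok = rec && typeof rec.exp === "number" && rec.exp > now && rec.exp - now <= ttl;
  if (!ok) {
    storage.removeItem(PREFIX + key);
    return null;
  }
  return rec.v;
}

// Call on every page load: removes stale entries and returns how many were removed.
function purgeExpired(storage, now = Date.now()) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) { // collect first; removal shifts indices
    const k = storage.key(i);
    if (k !== null && k.startsWith(PREFIX)) keys.push(k.slice(PREFIX.length));
  }
  return keys.filter((k) => getFresh(storage, k, now) === null).length;
}

// Minimal in-memory stand-in for the Storage interface, so this runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    get length() { return m.size; },
    key: (i) => { const ks = [...m.keys()]; return i < ks.length ? ks[i] : null; },
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

The expiry is only enforced when this script runs again; until then an expired value stays on the device, which is why sessionStorage (cleared when the tab closes) is the safer backing store for this pattern.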
