#localStorage
Local storage is pretty secure in itself, unless the actual device of the user is compromised.
If you want to add a layer of security inside your localStorage you can use this package
The data you'll keep inside the localStorage won't be human-readable
Ok thank you
This package seems pretty pointless since it's a client-side encryption that can be easily reverted since you ship the package itself to the client.
It's like locking your door but leaving the key under the doormat.
Do you have advice or a solution, please?
It's impossible to fully secure data client-side since you still want to access it there. As such whenever you provide the functions to encrypt data client-side there must be a way to decrypt it locally.
You should figure out why you want to encrypt data and what the attack vector is.
In terms of security what are you afraid of?
Rather than just thinking you need to encrypt something.
Without factual evidence that it's necessary in the first place.
The data are address, phone number, …
That doesn't explain what you are doing with this data and why you think you need to encrypt it.
None of the forms to register an account on websites encrypts the data.
The question is why are you storing these in the local storage and what you're doing with it.
So I use this data to call an API that is Boxtal (for parcel delivery). And I need this data in different pages, so I make it in the localStorage.
I make it in the localStorage because it’s user-friendly and it’s temporary.
If I may, I think this package is pretty solid IMHO cause when I read the docs you basically set a secret key that only your browser has access to and in turn can decrypt the data. Changing the browser won't work even if the malicious user can copy those data in localStorage.
I agree with @wintry pulsar on having a clear intent or why you want your data to be secure and that will help you with the where.
@grave knoll For this use case I would just add it inside localStorage without thinking too much (if it's just the phone number and the address).
Or you can get user data inside/before your API call (getUserInfo) so they never reach the client-side (if you're not making API calls in client components).
A "secret key" you ship with your client-side bundle.
This should be your first red flag indicating how useless this package is.
I think I will store the data in a session on the server side and retrieve it when I want to call the API. I think the problem in my app is that I am doing everything client side instead of separating the server and client sides.