LOCAL STORAGE DEFINITION
It is important that the user clears the local storage after every session as all browser sessions are insecure and can be accessed by the browser even by the authentication protocols installed as plugins. Cookies are mostly stored in the web browser, however in an angular based application, cookies can be created and stored in Local Storage as well these Local storage Cookies can also cause vulnerabilities, therefore using browser cookie API we can set the expiration time for the cookie.
JSON WEB TOKENS
Cookies are often insecure and can be used for scanning vulnerabilities of a web application which can later be used to conduct a cross site scripting attack. A better option to replace the web cookies would be to create JSON web tokens they enable the user to store session data securely in the local storage in the Local Storage API. The main reason for using JSON web tokens is that they offer encrypted packets, making them accessible to local storage but the digital signature associated with them makes them safe to store.
DATA HOLDING OF LOCAL STORAGE
It is important that the local storage is only used for storing the data related to the configuration of the web application, even if multiple encryption methods are applied it is highly recommended that the sensitive information of the user is not kept in the local storage instead some resources of the web application that the user might call should be precached in the session and local storage so that user makes lesser number of requests to the server effectively decreasing the possibility of man in the middle attacks.
Another method to enhance the local storage security would be to use third party angular libraries that are also providing other features besides security, a common example would be to add the secStore.js data storage API for choosing the preferred storage method of the website data generated from the local, session and cookie storage. Another function for encrypting the local storage would be to use Lockr wrapper API for local storage, as it would limit the user to store only string data, denying the storage of user passwords and other verification data in the local Storage.
LOCAL STORAGE REFERANCE
Another great practice to improve local Storage security would be to create a reusable reference of local storage which can get a function returning the local object. This would allow the user to encapsulate the data and privatize variables.
Leave a Reply