Javascript localStorage (persistent cookies) |
Javascript localStorage (persistent cookies) |
Christian J |
Feb 15 2012, 04:55 PM
Post
#1
|
. Group: WDG Moderators Posts: 9,653 Joined: 10-August 06 Member No.: 7 |
The Javascript/DOM localStorage lets newer browsers store up to 5MB of data (per domain) on the HD. This seems very useful for developers, but few web users seem to know or care about the security/privacy implications. W3C itself points out the following vulnerability:
"7.2 Cross-directory attacks Furthermore, current browsers have no dedicated controls for viewing or deleting the localStorage data (unlike cookies). Maybe you can get rid of it by deleting all user history/cache data, or by using browser extensions. Personally I feel more and more reluctant to use Javascript at all with inventions like this. Some code examples and demos: http://www.javascriptkit.com/javatutors/domstorage.shtml (including workarounds for MSIE, which doesn't support localStorage yet). Here's a bookmarklet/favelet that shows what a site may have saved: http://potch.me/ls/ (e.g., http://twitter.com/ used localStorage when I tested). http://www.w3.org/TR/webstorage/ http://en.wikipedia.org/wiki/Web_storage (I put the thread in Off-Topic since I want to discuss the privacy/security issues rather than the actual scripting.) |
Christian J |
Feb 16 2012, 08:05 PM
Post
#2
|
. Group: WDG Moderators Posts: 9,653 Joined: 10-August 06 Member No.: 7 |
One possibly good consequence of localStorage might be that a site's database no longer has to store as much data about their users, which in turn means less to steal for someone breaking into the DB.
|
Lo-Fi Version | Time is now: 19th April 2024 - 03:40 PM |