Bipin Sasi, Techie, author of the book Leadership Puzzles. You can follow me on X (formerly Twitter) @BipinSasi.

GENERAL CLIENT-SIDE STORAGE SECURITY

• What browsers are supported? While there are some frameworks like Dojo.Storage that attempt to abstract away the differences between storage methods, you could end up with a poorly implemented feature depending on which browser your users access your application with.
• Does the storage method offer persistent, nonpersistent, or both forms of data storage? If you can only store data persistently, it is up to you to implement code to delete and purge data when appropriate.
• How much data can you store? What is the default capacity? What is the maximum capacity? It does not matter how appealing the other features of a storage method are if it cannot offer enough space for your application.
• What data types can you store? If a storage method can only save strings, then you will have to handle serialization and deserialization of other data types. As mentioned earlier, this is a step that attackers like to focus on because it is very easy to cause Denial of Service attacks in custom serialization and deserialization code. Be aware of which storage methods force you to do some heavy lifting.
• What are the access policies for the storage method? What other domains, services, and Web pages can access the data by default? What features does the storage method have that allow you to limit who can access the data?
• How do you clean up or remove old data? Leaving unnecessary data around isn’t just sloppy, it can also be a security vulnerability. While no secret can be protected on the client, leaving the sensitive data scattered all around for long periods of time isn’t going to help matters. Pay attention to which methods automatically delete data for you or allow you to set an expiration date for the data.
• How easy is it for the user to delete the data? If you pick a volatile storage method, your application will need to handle situations in which the client-side data disappears. You did write your application to handle errors gracefully, right?
• How easy is it to read the data stored on the machine? Attackers can definitely read any data you store on the client, regardless of the method you pick. The real question is, how much work must an attacker perform to read what is stored? Never, never, never store anything secret in client-side storage!
• How easy is it to modify the data stored on the machine? Attackers can definitely modify any data you store on the client, regardless of the method you pick. The real question is, how much work must an attacker perform to write over the stored data? This is an excellent vector to launch attacks and is another example of input that requires validation.
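Several of the questions above (string-only storage, expiration and cleanup, data that silently disappears, and treating whatever comes back from the client as untrusted input) can be handled in one small wrapper. The following is an added example, not code from the original post or from any particular library: it wraps a Web Storage-style backend (getItem/setItem/removeItem) with JSON serialization, a per-entry expiry, a size cap, and a schema check on every read. The names createValidatingStore, memoryBackend, isPrefs and MAX_ENTRY_BYTES are made up for the example, and the in-memory backend stands in for window.localStorage so the code runs outside a browser.

```javascript
// Constructed in-memory stand-in exposing the Web Storage surface the wrapper
// needs, so the example runs in Node as well as in a browser. In production you
// would pass window.localStorage or window.sessionStorage instead.
function memoryBackend() {
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); }, // Web Storage stores strings only
    removeItem: (k) => { map.delete(k); },
    keys: () => Array.from(map.keys()),
  };
}

// Constructed per-entry size cap. Real quotas differ by browser, so the point is
// to fail loudly on oversized records rather than let the browser truncate them.
const MAX_ENTRY_BYTES = 4096;

// validate(value) -> boolean is applied on EVERY read: anything on the client may
// have been edited outside the application, so stored data is untrusted input.
function createValidatingStore(backend, { ttlMs, validate }) {
  function put(key, value, now = Date.now()) {
    const record = JSON.stringify({ v: value, exp: now + ttlMs });
    if (record.length > MAX_ENTRY_BYTES) return false; // refuse, do not truncate
    backend.setItem(key, record);
    return true;
  }

  function get(key, now = Date.now()) {
    const raw = backend.getItem(key);
    if (raw === null) return null; // volatile storage: the entry may simply be gone
    let record;
    try {
      record = JSON.parse(raw); // built-in parser, not hand-rolled deserialization
    } catch (e) {
      backend.removeItem(key); // corrupt or tampered: drop it and report "absent"
      return null;
    }
    const ok = typeof record === 'object' && record !== null &&
      typeof record.exp === 'number' && record.exp > now && validate(record.v);
    if (!ok) {
      backend.removeItem(key); // expired, malformed or out-of-schema: same outcome
      return null;
    }
    return record.v;
  }

  // Cleanup pass: reading each entry through get() evicts anything that is
  // expired, corrupt or fails validation. Returns the number of entries removed.
  function purgeExpired(now = Date.now()) {
    let removed = 0;
    for (const key of backend.keys()) {
      const before = backend.getItem(key);
      get(key, now);
      if (before !== null && backend.getItem(key) === null) removed++;
    }
    return removed;
  }

  return { put, get, purgeExpired };
}

// Example schema: a small UI-preferences object. Nothing secret belongs here.
function isPrefs(v) {
  return typeof v === 'object' && v !== null &&
    ['light', 'dark'].includes(v.theme) &&
    Number.isInteger(v.pageSize) && v.pageSize >= 1 && v.pageSize <= 100;
}

// Walk-through with constructed clock values instead of Date.now().
function demo() {
  const backend = memoryBackend();
  const store = createValidatingStore(backend, { ttlMs: 60000, validate: isPrefs });
  const t0 = 1000000;

  store.put('prefs', { theme: 'dark', pageSize: 25 }, t0);
  const fresh = store.get('prefs', t0 + 1000); // valid and unexpired

  // Entry rewritten outside the application: right shape, out-of-range value.
  backend.setItem('prefs', JSON.stringify({ v: { theme: 'dark', pageSize: 1e9 }, exp: t0 + 60000 }));
  const tampered = store.get('prefs', t0 + 1000); // rejected and evicted

  store.put('prefs', { theme: 'light', pageSize: 10 }, t0);
  const expired = store.get('prefs', t0 + 60000); // TTL elapsed: null

  const oversized = store.put('blob', 'x'.repeat(MAX_ENTRY_BYTES), t0); // false

  backend.setItem('junk', '{not json'); // corrupt leftover
  store.put('keep', { theme: 'light', pageSize: 5 }, t0);
  const purged = store.purgeExpired(t0 + 1000); // removes 'junk' only

  return { fresh, tampered, expired, oversized, purged, remaining: backend.keys() };
}
```

The design choice worth noting is that get() never distinguishes "missing" from "tampered" or "expired" to its caller: all three yield null and the application falls back to defaults, which is exactly the graceful-error path the list asks for. Validation lives in the wrapper so it cannot be skipped by a new call site, and the schema is a whitelist of expected shapes and ranges rather than a blacklist of bad values.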
