Are local storage variables secure? - Mobile - Forum

Posted by johncat on 13-Jun-2014 08:23

Is it safe to use one to, for example, save a password?

Posted by John Goodland on 16-Jun-2014 02:12

localstorage is just as vulnerable to being read by JavaScript as cookies are.

Plain-text login (such as username/password) information shouldn't be stored in localstorage, as if someone does get hold of them, they can continuously make a new session for themselves.

If you must store the password (which I would recommend not to) then you should encrypt this.

All Replies

Posted by John Goodland on 16-Jun-2014 02:12

localstorage is just as vulnerable to being read by JavaScript as cookies are.

Plain-text login (such as username/password) information shouldn't be stored in localstorage, as if someone does get hold of them, they can continuously make a new session for themselves.

If you must store the password (which I would recommend not to) then you should encrypt this.

Posted by johncat on 16-Jun-2014 03:48

Thanks for the reply. Does that mean a local storage variable saved in one app can be read from another?

Posted by John Goodland on 20-Jun-2014 02:09

It sure can.

This thread is closed