如何将凭据存储在加密的 localStorages 中?
How to store credentials in the localStorages encrypted?
我有一个使用 JavaScript 运行的小应用程序。在此应用程序中,用户输入用户名和密码。我想加密这个用户名和密码,然后存储在浏览器的localStorage中。
我知道如何加密它,这是使用像 Crypto-JS 这样的库的简单部分
我的问题是:我应该使用哪个密钥来加密凭据,以便用户不必再次输入?
我使用 Paul S. 的答案来完成这个问题:
Don't do this. The way other sites & mobile apps do this is by making
a second "session" key that you keep in a database serverside and
expires after a longer time e.g. 2 weeks? which skips the logging in
step ('cos the server doesn't need to keep the session in memory
24/7). But this key becomes basically a plaintext password that if
shared/stolen could let anybody log in as you until it expires.
我有一个使用 JavaScript 运行的小应用程序。在此应用程序中,用户输入用户名和密码。我想加密这个用户名和密码,然后存储在浏览器的localStorage中。
我知道如何加密它,这是使用像 Crypto-JS 这样的库的简单部分
我的问题是:我应该使用哪个密钥来加密凭据,以便用户不必再次输入?
我使用 Paul S. 的答案来完成这个问题:
Don't do this. The way other sites & mobile apps do this is by making a second "session" key that you keep in a database serverside and expires after a longer time e.g. 2 weeks? which skips the logging in step ('cos the server doesn't need to keep the session in memory 24/7). But this key becomes basically a plaintext password that if shared/stolen could let anybody log in as you until it expires.