[Owasp-board] Tweet from Ar0xA (@Ar0xA)
Jim Manico
jim.manico at owasp.org
Wed Apr 22 00:51:06 UTC 2015
Yes, if you *really* need to persist sensitive data, sessionStorage is
MUCH better than localStorage.
From https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
* Use the object sessionStorage instead of localStorage if persistent
storage is not needed. sessionStorage object is available only to
that window/tab until the window is closed
On 4/21/15 2:21 PM, Noreen Whysel wrote:
> Anyone care to respond? Until I am a bit more up to speed on AppSec I
> think I will pass these on to the board list...
>
> *Ar0xA (@Ar0xA <https://twitter.com/ar0xa?refsrc=email&s=11>)*
> 4/21/15, 1:49 AM
> <https://twitter.com/ar0xa/status/590391874411593728?refsrc=email&s=11>
> @owasp <https://twitter.com/owasp> any arguments against/for sensitive
> data in html5 sessionStorage? w3c says "fine", but arent local atacks
> an issue? anything else?
>
>
> Download the official Twitter app here
> <https://twitter.com/download?ref_src=MailTweet-iOS>
>
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150421/3f6865bc/attachment.html>
More information about the Owasp-board
mailing list