[Owasp-board] Tweet from Ar0xA (@Ar0xA)

Jim Manico jim.manico at owasp.org
Wed Apr 22 00:51:06 UTC 2015


Yes, if you *really* need to persist sensitive data, sessionStorage is 
MUCH better than localStorage.

 From https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

  * Use the object sessionStorage instead of localStorage if persistent
    storage is not needed. sessionStorage object is available only to
    that window/tab until the window is closed




On 4/21/15 2:21 PM, Noreen Whysel wrote:
> Anyone care to respond? Until I am a bit more up to speed on AppSec I 
> think I will pass these on to the board list...
>
> 	*Ar0xA (@Ar0xA <https://twitter.com/ar0xa?refsrc=email&s=11>)*
> 4/21/15, 1:49 AM 
> <https://twitter.com/ar0xa/status/590391874411593728?refsrc=email&s=11>
> @owasp <https://twitter.com/owasp> any arguments against/for sensitive 
> data in html5 sessionStorage? w3c says "fine", but arent local atacks 
> an issue? anything else?
>
>
> Download the official Twitter app here 
> <https://twitter.com/download?ref_src=MailTweet-iOS>
>
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150421/3f6865bc/attachment.html>


More information about the Owasp-board mailing list