[Owasp-board] Tweet from Ar0xA (@Ar0xA)

Tobias tobias.gondrom at owasp.org
Wed Apr 22 13:46:54 UTC 2015


Actually, if I may suggest such technical questions might be even better 
on the community list.
Just a suggestion.
Best, Tobias



On 22/04/15 01:51, Jim Manico wrote:
> Yes, if you *really* need to persist sensitive data, sessionStorage is 
> MUCH better than localStorage.
>
> From https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
>
>   * Use the object sessionStorage instead of localStorage if
>     persistent storage is not needed. sessionStorage object is
>     available only to that window/tab until the window is closed
>
>
>
>
> On 4/21/15 2:21 PM, Noreen Whysel wrote:
>> Anyone care to respond? Until I am a bit more up to speed on AppSec I 
>> think I will pass these on to the board list...
>>
>> 	*Ar0xA (@Ar0xA <https://twitter.com/ar0xa?refsrc=email&s=11>)*
>> 4/21/15, 1:49 AM 
>> <https://twitter.com/ar0xa/status/590391874411593728?refsrc=email&s=11>
>> @owasp <https://twitter.com/owasp> any arguments against/for 
>> sensitive data in html5 sessionStorage? w3c says "fine", but arent 
>> local atacks an issue? anything else?
>>
>>
>> Download the official Twitter app here 
>> <https://twitter.com/download?ref_src=MailTweet-iOS>
>>
>>
>> Noreen Whysel
>> Community Manager
>> OWASP Foundation
>>
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150422/7d3f291a/attachment.html>


More information about the Owasp-board mailing list