Description
Is local storage a safe option?
Many developers now use local storage to save temporary information and settings that users provide on a website. How safe is that?
The first question to answer is: what type of information is saved in local storage?
If the information saved in local storage is non-sensitive, such as the settings for a page filter, then that is OK. If local storage is used to save sensitive information such as personal data, then there is a huge security problem.
Why is it a security problem to save personal information in local storage?
The problem is that any JavaScript code running on the website can read this data with ease. This means that if a hacker, for example, manages to execute JavaScript code on the website, then he can access all of this information. Local storage has no data protection, and this is a big loss for security.
Local storage is not a secure storage mechanism in the browser. It is only there for simple tasks, which developers can use to build advanced website configuration.
What can we do instead of using local storage for sensitive information, then?
Aside from having TLS protection across your whole environment, you should always store this information server-side.
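To answer the first question above for a real site, the following added example (not code from the original page) audits a Storage-like object and flags entries that look sensitive, so they can be moved server-side. The key-name hints, value patterns, the `makeStorage` stand-in and the sample data are all assumptions constructed for illustration.

```javascript
// Key-name hints and value patterns are illustrative assumptions, not a complete list.
const KEY_HINTS = /(token|secret|passw|session|auth|ssn|card|email)/i;
const VALUE_PATTERNS = [
  { reason: "JWT-shaped value", re: /^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]*$/ },
  { reason: "e-mail address", re: /[^\s@"]+@[^\s@"]+\.[a-z]{2,}/i },
  { reason: "long digit run (card-like)", re: /\b\d{13,19}\b/ },
];

// Walk every entry the same way any script on the page could, and
// report the keys whose name or value suggests sensitive data.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    const reasons = [];
    if (KEY_HINTS.test(key)) reasons.push("key name suggests sensitive data");
    for (const { reason, re } of VALUE_PATTERNS) {
      if (re.test(value)) reasons.push(reason);
    }
    if (reasons.length) findings.push({ key, reasons });
  }
  return findings;
}

// Constructed in-memory stand-in for window.localStorage so the example
// also runs outside a browser (hypothetical helper, read-only subset of the API).
function makeStorage(entries) {
  const map = new Map(Object.entries(entries));
  return {
    get length() { return map.size; },
    key: (i) => [...map.keys()][i] ?? null,
    getItem: (k) => (map.has(k) ? map.get(k) : null),
  };
}

// Constructed sample data: one harmless setting, two entries that should not be here.
const sample = makeStorage({
  "ui.filter": JSON.stringify({ sort: "date", pageSize: 25 }),
  "authToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vLXVzZXIifQ.c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
  "profile": JSON.stringify({ name: "Demo User", email: "demo.user@example.test" }),
});

for (const f of auditStorage(sample)) console.log(f.key, "->", f.reasons.join("; "));
```

In a browser, pass `window.localStorage` (or `sessionStorage`) to `auditStorage` from the developer console on your own site.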