How secure is mobile HTML5 local storage

I am looking to solve some performance problems on a mobile site, storing data entered in several forms in local storage.

I will clear the data about downloading and data cleaning on the last page, so no sensitive data will be left on the device after visiting the website on their mobile device.

I have a couple of problems:

  • Can another program access the data stored in the local storage?
  • If the user does not complete the process, can I indicate the expiration date of the data?
    Example: I want the data to expire after 30 minutes, regardless of whether the user has completed the process, left the site, or closed the browser.
+3
1 answer

Take a look at sessionStorage, which works similarly to localStorage, but does not save any data after closing a tab / window / browser.

It will also be more secure than localStorage, since no data will be stored after the session ends. For more information on security, see the W3 Storage Specification.

However, if you store sensitive data, I would recommend cookies, as data in sessionStorage and localStorage can be viewed and edited by the user and is potentially open to XSS attacks.

+1
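A sketch of the 30-minute expiry asked about in the question, layered on the sessionStorage suggested in the answer. This is an added example, not code from the original post; `createExpiringStore`, `memoryStorage` and the `form:` key prefix are hypothetical names, and `memoryStorage` only stands in for `sessionStorage` so the block runs outside a browser.

```javascript
// Added example (not from the original post): 30-minute expiry on Web Storage.
const TTL_MS = 30 * 60 * 1000; // the 30 minutes asked for in the question
const PREFIX = "form:";        // hypothetical key namespace

function createExpiringStore(storage, now = () => Date.now(), ttlMs = TTL_MS) {
  function put(name, value) {
    storage.setItem(PREFIX + name, JSON.stringify({ expires: now() + ttlMs, value }));
  }
  function get(name) {
    const raw = storage.getItem(PREFIX + name);
    if (raw === null) return null;
    let rec = null;
    try { rec = JSON.parse(raw); } catch { /* malformed: handled below */ }
    // Storage is user-editable, so a malformed record or an expiry further
    // ahead than one TTL is treated as expired and removed.
    const ok = rec !== null && typeof rec === "object" &&
      Number.isFinite(rec.expires) && rec.expires > now() &&
      rec.expires <= now() + ttlMs;
    if (!ok) { storage.removeItem(PREFIX + name); return null; }
    return rec.value;
  }
  // Run on every page load: drops stale records, returns how many were removed.
  function purgeExpired() {
    const keys = [];
    for (let i = 0; i < storage.length; i++) keys.push(storage.key(i));
    const ours = keys.filter((k) => k.startsWith(PREFIX));
    ours.forEach((k) => get(k.slice(PREFIX.length)));
    return ours.filter((k) => storage.getItem(k) === null).length;
  }
  return { put, get, purgeExpired };
}

// Constructed stand-in for sessionStorage so the block also runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    get length() { return m.size; },
    key: (i) => [...m.keys()][i] ?? null,
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In the browser, pass `window.sessionStorage` and call `purgeExpired()` on every page load. The expiry is enforced only when this script runs, so a record kept in `localStorage` instead would stay on the device until the next visit.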

Source: https://habr.com/ru/post/1489975/