2

I am creating Blazor WebAssembly App and trying to figure how can i Encrypt/Protect data stored in Session Storage/ Local Storage ?

NSS
  • 1,513
  • 2
  • 21
  • 57
  • Why would you do that? The .NET assemblies are being downloaded to the client, so the code that decrypts (as well as the key) can easily be decompiled anyway... – C. Augusto Proiete Jul 08 '20 at 03:49
  • Well i get your point but isn't making it harder a better than leaving it plain text ? – NSS Jul 08 '20 at 20:09
  • Better for what? What are you trying to do/stop people from doing? People that are technical enough to read data from the local storage, most likely can also decompile a .NET assembly... – C. Augusto Proiete Jul 08 '20 at 22:49
  • 1
    it like saying because thieves can break the locks, it is better to leave doors open no need to put locks. – NSS Jul 11 '20 at 20:38
  • 1
    No, it's like saying "_[Security by obscurity](https://en.wikipedia.org/wiki/Security_through_obscurity) is not a good strategy_" and it's not worth your time and effort (IMO). If the information must be secured, it should be stored on the server-side instead – C. Augusto Proiete Jul 12 '20 at 00:33
  • 5
    Come on folks! He can make use of some obfuscate tools in order to protect the code from being decompiled. So, I think it worth while having some way do encrypt the data, right ? Well friend, take a look at this post: https://www.npmjs.com/package/secure-web-storage And here: https://stackoverflow.com/questions/17280390/can-local-storage-ever-be-considered-secure You can find some solutions. Hope it helps. Let me know if is enough. – Fábio Marcos Euzébio Sep 02 '20 at 20:53
  • 2
    There is a package for that and it was integrated into Blazor 5 preview8. But you have to think carefully about for who you want to hide information. A SPA runs in the client browser, you can't keep it from the regular user. – Henk Holterman Sep 03 '20 at 06:01
  • @HenkHolterman In my reading about MS's protectedlocalstorage, you must do that on the server side. It seeems to rely on building your app using the blazor server app template. – silverfox1948 Nov 01 '20 at 17:21
  • Yes, it is server-side. I didn't realize that then. – Henk Holterman Nov 04 '20 at 07:37

0 Answers0