To save the token in localstorage to avoid logging in every time when launching the app, I found the following link. However, is it secure?
Ionic - How to store session token as globally (for app) accessible variable?
Asked
Active
Viewed 1,051 times
2 Answers
0
Storing the token simply in local storage may be a secuirty threat you may use Crypto to encrypt data and then decrypt using a secrate key when you need it Something like:-
var secretKey = 'your-secret-key';
var encryptedData = CryptoJS.AES.encrypt(yourtoken, secretKey).toString();
store this encryptedData
and when you need it back
var encryptedValue = valuefrom your local;
var decryptedData= CryptoJS.AES.decrypt(encryptedValue, secretKey)
-
4How will you secure your 'your-secret-key' ? – yeaske Nov 29 '17 at 05:04
0
No, localStorage alone is not secure enough for the storage of access and/or session keys. You should encrypt the data (and not store the encryption key in your app code).
You can use the Cordova SecureStorage plugin to do this:
https://github.com/Crypho/cordova-plugin-secure-storage
It works pretty much the same as localStorage and lets you simply set and get key/value pairs.
Since the Android implementation of this secure storage uses the KeyStore, the users must have a secure screen-lock set (like fingerprint, pattern or PIN). The plugin provides functions to check this, so you will be able to give a warning (or block login) if this is not the case. Without a locked screen there is no way to save your keys in a secure way on Android.
JanP
- 1,579
- 2
- 16
- 27