localStorage encryption algorithms - javascript

I am using localStorage to store token values and other basic user details for an offline mechanism in an Ionic application. localStorage is not a secure way to store sensitive data. Is there any plugin or any other way to store such data so that it is protected? I am targeting all three platforms, Windows Phone, iOS, and Android.

I came across a cordova plugin called secured storage plugin for this. I hope this should do the trick for you as it keeps the data secured.

Related

Store persistent data without a web server for Chrome Extension

Is there any way to store persistent data for Chrome Extensions without using a web server?
Is Chrome storage persistent? https://developer.chrome.com/apps/storage
I want to avoid the costs of a server, but I also don't think localStorage is good enough because the user can delete it.
In fact, the only persistent data I need to store is the accounts that have logged into the extension on the device itself, so that info might be stored by Google's servers already?
I don`t think there is an non-server way to store extension data without user being able to modify it.
However there are lot of great services that offer free plans for many platforms eg. Heroku

SQLite database with javascript

I have a requirement where I have a postgresql database in a web site.
I want to run my web site in offline mode but the problem is that I have many ajax calls in my website which will not work in offline mode.
So I am considering using sqlLite but I don't know how to configure it, how to write JavaScript code, or even know if the users need to install sqlite in their browser or PC. Can anyone help to overcome this requirement?
I have used some local storage like Indexed DB it will work but that is called sqlLite or not I don't know.
please help
You do not need to work with Sqlite for addressing this, only take a look at following link for how to make web pages available for offline viewing.
If you namely want to use some database it is possible to use SQLite.
Look at https://github.com/kripken/sql.js/
Be care of using SQLite requests in main UI thread. Do not forget to implement workers for SQLite.
I'm pretty sure that you do not need SQLite.
Try using HTML5 LocalStorage API.
https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage
The Storage interface of the Web Storage API provides access to the session storage or local storage for a particular domain, allowing you to for example add, modify or delete stored data items.
If you want to manipulate the session storage for a domain, you call Window.sessionStorage method; If you want to manipulate the local storage for a domain, you call Window.localStorage.
https://developer.mozilla.org/en-US/docs/Web/API/Storage

Is it possible to perform database operation on locally stored DB through javascript (WebSQL or Indexeddb)

i am developing offline web app for android platform and i want to use offline database for it. Is there any way to connect to locally stored database through javascript. like
var db = opendatabase("file:///android_asset/myLocalDb.db");
var Records = db.executeSQL("Select * form myTable");
echo Records;
I use PouchDB. It is a NoSQL type database backend, but has great cross platform support so you don't have to worry about the underlying storage mechanism across browsers. If you have flexibility on the database type, it may be the easiest solution.
Are you making a Cordova app, or in-browser hybrid offline but specifically targeting Android? You can use SQL Lite with Cordova and bubble up from your Javascript to access the db. Check out: https://stackoverflow.com/a/26609184/1011603
Yes, it is possible to package your application and data file as web app by packaging appcache. Since browser manage data storage for database (indexeddb or websql), it is not possible to specify them by your file name.

Persistent storage in browser

Currently we are using localStorage as persistent storage in our application. But we noticed that it is prone to data loss. Here is some links which supports this:
HTML5 Local Storage Not Persistent
localStorage data persistence
http://www.sencha.com/forum/showthread.php?132952-localstorage-doesn-t-save-all-data
So now I'm searching for a new solution. It will be good if this solution is supported by chrome/safari at iOS/Android. Could someone suggest something?
if its a website then, there is no means of persistent storage on browser. localstorage, database, cookies, everything is erased if user don't require them. So the only option would be to store the data on the server.
OR
if it is a mobile app (phonegap), then you can use SQL Lite.

Authentication on Sencha Touch and remote Server

I would like to have your feedback regarding Authentication mechanism for an Application using PhoneGap and Sencha Touch and a Server in .NET with Active Directory.
So we need to store User credentials on the Mobile Device so a User does not have to re-enter Login and Psw, every time he wish to use the application.
01 - IDEA - Cookies
For my understanding Sencha Touch does not have directly any libraries for managing Cookies.
In order to use cookies I should install "Sencha Ext Js" the base library for Sencha and using
Ext.util.Cookies class. This library it should not be free.
I'm afraid to still have problem with CROS domains regarding working with cookies and IOS security issue.
Also Phonegap does not provide any cookie abstraction, as there are plenty of other tools to do that already (Phonegap just wraps up smartphone functionality, not basic browser functionality).
I could use potenticalyy jQuery, and maybe try jquery-cookie plugin.
02 - IDEA - HTML5 Local Storage
Sencha Touch offer an API for HTML5 Local Storage, so instead to write a cookie, I could save the credential in the Local Storage.
Local data should be kept by the browser for an undefined ammount if time even if the device is turned off.
When a user click the app, I can take the Local Data and sending to the server, the server will authenticate the user.
Despite of the mechanism I have an issue with security.
A)
- Istore the UserName and Pasword as plain text, in a Cookie or in Local Storage and forward to the server.
no encryption is involved, the authenication should work. Cons: It is very easy to read the Cookies and the Local Storage so it is not the state of art for security.
B)
- I store the UserName as plain text and instead for the Pasword I store a "Forms authentication tickets" in a Cookie or in Local Storage and forward to the server.
Ecryption on the server is involved for the "Forms authentication tickets". PRO: High security, CONS: Take time to develope it.
NOTE: Security, the Tickets are encrypted using configuration element of the server's Machine.config file.
My question:
Do you have any experience on of of this scenario?
Do you have a better approach?
Some days ago I have posted Simple Login project to github, you may found it helpful. It works in Webkit browser & on iPhone. Android was not tested.

Categories