On 2016-02-24 12:36, Steven Ottz wrote:
> Thanks for the links. This is why it is so hard. One person says one thing
> and another says something different till the point you are back in the same
> place.

Yes, that's my feeling as well. My understanding is that currently there is *no* secure way to store confidential data on the client side.

What seems to me to be the most secure way (and please note that I am not a security expert - I just spent several weeks reading different blog posts) is the solution by Alex Bilbie. But one has to implement a CSRF protection.

A less laborious (but I guess also a less secure) solution is the Web Storage API (potentially with a fallback to cookies if the application has to be compatible with older browsers). But then one has to keep in mind the possibility of an XSS attack. But the threat of an XSS attack is there either way...

--
Radek

--
You received this message because you are subscribed to the Google Groups "AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.
