
Replace sessionStorage with encrypted IndexedDb #33

Closed
manusa opened this issue Aug 21, 2018 · 0 comments

manusa (Owner) commented Aug 21, 2018

  • Generate a SHA-256 hash from serverHost-user to use as the IndexedDB store key (userId)
  • Generate a SHA-256 hash from serverHost-user-password to use as the password key (hash)
  • Store userId and hash in sessionStorage -> allows page refresh
  • If userId+hash exist in sessionStorage (page reload), retrieve the state from IndexedDB using userId as the object key and restore the encrypted state using hash as the password to decrypt it.
  • When a new state is published/stored, if key/userId exists in sessionStorage, update the IndexedDB entry.

Plain-text credentials are never stored in the FE, not even in the encrypted IndexedDB -> always use hashes

https://github.com/bitwiseshiftleft/sjcl/

@manusa manusa self-assigned this Aug 22, 2018
@manusa manusa added Spike security Application security labels Aug 22, 2018
manusa added a commit that referenced this issue Aug 23, 2018
manusa added a commit that referenced this issue Aug 23, 2018
manusa added a commit that referenced this issue Aug 23, 2018
manusa added a commit that referenced this issue Aug 23, 2018
@manusa manusa closed this as completed Aug 23, 2018
@manusa manusa added this to the MVP milestone Mar 4, 2019