Saturday, 29 July 2017

Is a website safe from XSS attacks if there's no user-generated content?

I am working on writing a small website that should use an authentication system that requires me to store a token. Storing it in the localStorage would be for me the most convenient option at this stage, but as I understand it, this is potentially vulnerable to XSS attacks. Now, the security requirements aren't very strict (no especially sensitive data would be exposed by a successful attack, the login is just used to keep track of who does what while on site), and there should be no user-generated content on the website (no comments or such), and anyway it's all passing through Angular.js. Does that sound like it's reasonably safe to use the localStorage alone, or should I still look into using it next to cookies for added security? Thanks!



