英文:
Sensitive data on the client side
问题
在客户端包含敏感数据。
如何在客户端包含用户ID或其他敏感数据,并在之后检索它,而不允许客户端更改它?
例如:
<li data-user-id="1">name</li>
英文:
Including a sensitive data on the client side.
How can I include the user id or other sensitive data in the client side, and retrieve it after that without allows to the customer to change it in the #clientside?
For example:
<li data-user-id="1">name</li>
答案1
得分: -1
你最好的选择是使用像JWT这样的加密方式,并将用户数据存储在有效载荷中。不要在客户端共享私钥,以防止令牌被篡改。
或者在用户登录后创建一个Cookie并将其与用户ID一起保存在数据库中。将Cookie令牌存储在用户的Cookie中。用户使用Cookie登录,你可以通过Cookie知道是哪个用户。如果他们更改了Cookie令牌,那么它将与数据库中的不匹配。
英文:
Your best choice is to use some encryption like JWT and store the user data in the payload. Don't share the private key on the client side so the token can't be tampered with.
Or after login of the user creates a cookie and saves it in the database alongside the user id. Store the cookie token in the cookies of the user. The user logs in with the cookie and you know which user it is by the cookie. If they change the cookie token then it won't match the ones in the database.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论