客户端敏感数据

huangapple go评论110阅读模式
英文:

Sensitive data on the client side

问题

在客户端包含敏感数据。
如何在客户端包含用户ID或其他敏感数据,并在之后检索它,而不允许客户端更改它?
例如:

<li data-user-id="1">name</li>
英文:

Including a sensitive data on the client side.

How can I include the user id or other sensitive data in the client side, and retrieve it after that without allows to the customer to change it in the #clientside?

For example:

&lt;li data-user-id=&quot;1&quot;&gt;name&lt;/li&gt;

答案1

得分: -1

你最好的选择是使用像JWT这样的加密方式,并将用户数据存储在有效载荷中。不要在客户端共享私钥,以防止令牌被篡改。

或者在用户登录后创建一个Cookie并将其与用户ID一起保存在数据库中。将Cookie令牌存储在用户的Cookie中。用户使用Cookie登录,你可以通过Cookie知道是哪个用户。如果他们更改了Cookie令牌,那么它将与数据库中的不匹配。

英文:

Your best choice is to use some encryption like JWT and store the user data in the payload. Don't share the private key on the client side so the token can't be tampered with.

Or after login of the user creates a cookie and saves it in the database alongside the user id. Store the cookie token in the cookies of the user. The user logs in with the cookie and you know which user it is by the cookie. If they change the cookie token then it won't match the ones in the database.

huangapple
  • 本文由 发表于 2023年7月11日 06:21:40
  • 转载请务必保留本文链接:https://go.coder-hub.com/76657684.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定