React-starter-kit: How to secure redux data-initial-state
Hi all,
Have any way to secure redux data-init-state below image:
fchienvuhoang
All 15 comments
+1
it feels odd seeing everything just laid out there for everybody. I know you can get that data if you want but at least not straight forward like that.
upq
on 12 Jul 2016
Enable Content Security Policy
frenzzy
on 12 Jul 2016
Hello @langpavel, how do you think ? :)
fchienvuhoang
on 12 Jul 2016
+1
voquockhanh
on 12 Jul 2016
You need to hide information on the transfer or make not readable?
alexsuslov
on 12 Jul 2016
yeh, could hide it ?, or some way to encrypt it. I think data can be leaks when see them in data-initial-state.
fchienvuhoang
on 12 Jul 2016
may be base64 ?
console.log(btoa("test"));
dGVzdA==
console.log(atob(btoa("test")));
test
alexsuslov
on 12 Jul 2016
May be... But encryption - decryption it's the best option ? :)
fchienvuhoang
on 12 Jul 2016
there is an option to do bit operations. they are fast.
or https://www.npmjs.com/package/crypto-js
alexsuslov
on 12 Jul 2016
I argee with you, and I think it's the best way. Thanks @alexsuslov
fchienvuhoang
on 12 Jul 2016
Security by obscurity is no security at all. If you are unhappy to see this in, you can just delete data-initial-state attribute in DOM after it value is readed here. But this will do not protect your data.
langpavel
on 12 Jul 2016
@alexsuslov If you need decrypt data on client, you need key on client. It is not secure because all you need for decrypting can be achieved
langpavel
on 12 Jul 2016
how to ! :|
fchienvuhoang
on 12 Jul 2016
Closing this with only real solution from @frenzzy: Enable Content Security Policy
langpavel
on 12 Jul 2016
Thanks @langpavel
fchienvuhoang
on 12 Jul 2016
Related issues
blz-ea
路
3Comments
Bogdaan
路
3Comments
fchienvuhoang
路
3Comments
buildbreakdo
路
3Comments
wyattbiker
路
3Comments
Most helpful comment
@alexsuslov If you need decrypt data on client, you need key on client. It is not secure because all you need for decrypting can be achieved