Sensitive data stored in client-side storage
Need
Secure storage of sensitive data
Context
- Usage of C# for building robust and scalable applications
- Usage of Microsoft.AspNetCore.Mvc for building web applications with ASP.NET Core
- Usage of Microsoft.AspNetCore.Http for handling HTTP requests and responses in .NET Core applications
Description
Non compliant code
public class HomeController : Controller
{
public IActionResult Index()
{
HttpContext.Session.SetString("SensitiveData", "This is some sensitive data");
return View();
}
}
In this vulnerable code, sensitive data is being stored on the client-side using ASP.NET Core's session storage. The HttpContext.Session.SetString method is used to store a piece of sensitive information, in this case, a string "This is some sensitive data".
This storage method is insecure because the data is stored in the user's browser and can be easily accessed by anyone who can open the developer tools in the browser. It's also vulnerable to Cross-Site Scripting (XSS) attacks, where an attacker can inject malicious scripts to steal the stored data.
In addition, if the user's browser is compromised or if the user is using a public computer, the data could be accessed by others. Furthermore, this data will persist in the user's browser even after they have closed their session, which increases the risk of unauthorized access.
The sensitive data should be stored server-side, encrypted, and only sent to the client when necessary. It should also be removed from the client-side storage immediately after it is used.
Steps
- Identify the sensitive data that is being stored in the client-side storage.
- Determine the appropriate security requirements for the sensitive data.
- Avoid storing sensitive data in client-side storage such as localStorage or sessionStorage.
- Instead, use server-side storage options like cookies to store sensitive data.
- Define the necessary security attributes for the cookies to ensure confidentiality and integrity of the data.
- Implement the necessary logic to store and retrieve the sensitive data using cookies.
- Ensure that the sensitive data is encrypted and properly secured during storage and transmission.
- Regularly review and update the security measures to protect the sensitive data.
Compliant code
public class HomeController : Controller
{
public IActionResult Index()
{
var options = new CookieOptions
{
HttpOnly = true,
Secure = true,
SameSite = SameSiteMode.Strict
};
var encryptedData = Encrypt("This is some sensitive data");
Response.Cookies.Append("SensitiveData", encryptedData, options);
return View();
}
private string Encrypt(string data)
{
// Implement your encryption logic here
// This is a placeholder and should not be used in production
return Convert.ToBase64String(Encoding.UTF8.GetBytes(data));
}
}
The original code was storing sensitive data in the client-side storage (sessionStorage) which is vulnerable to unauthorized read operations. The revised code now stores the sensitive data in a secure cookie on the server-side.
The CookieOptions object is used to set various security attributes for the cookie:
HttpOnlyis set totrueto prevent the cookie from being accessed through client-side scripts. This helps mitigate the risk of cross-site scripting (XSS) attacks.Secureis set totrueto ensure that the cookie is only sent over HTTPS, protecting the data from being intercepted during transmission.SameSiteis set toStrictto prevent the cookie from being sent with cross-site requests. This helps mitigate the risk of cross-site request forgery (CSRF) attacks.
The sensitive data is encrypted before being stored in the cookie using a placeholder Encrypt method. In a real-world application, you should replace this with your own encryption logic to ensure the confidentiality and integrity of the data.
By storing the sensitive data in a secure server-side cookie, we can better protect the data from unauthorized access and ensure that it is properly secured during storage and transmission.