Security and performance impact of client-side token storage methods
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
2022 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Applications store more data than ever before, including sensitive information such as user data, credit card information, and company secrets. Due to the value of this data, malicious actors have a financial incentive to employ a variety of attacks against applications in order to gain access to it. As a consequence, application owners protect data behind authorization systems, with a common solution being token-based authentication systems in which the user’s client receives and stores an access token after successful authentication. Developers seeking to create secure and effective applications face a number of questions. How do clients store these tokens and are they vulnerable to attack? What is the most secure way to store these tokens, and how do different storage methods impact the user experience?

The objective of this study is to answer these questions by comparing current storage methods available to developers of frontend applications. Literature was reviewed and an empirical study conducted so that comparisons could be made. Six storage options were found to be viable choices for review, and ultimately it was concluded that in-memory storage with closures was the most secure storage option, but that this choice could have an impact on the usability of the application depending on the user's desire for data persistence.

Place, publisher, year, edition, pages
2022, p. 39
Keywords [en]
storage, security, performance, tokens
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-23322
OAI: oai:DiVA.org:bth-23322
DiVA, id: diva2:1676749
Subject / course
PA1445 Kandidatkurs i Programvaruteknik
Educational program
PAGWE Web Programming
Available from: 2022-06-27. Created: 2022-06-27. Last updated: 2022-06-27. Bibliographically approved.

Open Access in DiVA

Security and performance impact of client-side token storage methods (488 kB), 666 downloads
File information
File name: FULLTEXT02.pdf
File size: 488 kB
Checksum (SHA-512): 035f5302e6c765e7420ffb2b9986f7202a5e568f07a0786b3f2d025c31d024a8998b05dce380cb44104ecc590dce41acd299ce7608e82d94c1b86686ce8235d7
Type: fulltext
Mimetype: application/pdf

Total: 666 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 614 hits