
Title (Korean and English): How to securely store JWT Tokens in Front-End: Cookies vs. HTML5 Web Storage
Author: Vicheka Phor, Chanwoo Gwon, Mina Kim, Woncheol Ryu, Sangwon Hwang
Citation: VOL 22 NO. 01 PP. 0193 ~ 0194 (2021. 04)
English Abstract
JSON Web Token (JWT)[1] is very popular and widely used as an authentication and authorization method for modern web applications. However, if misused, this technology may put entire systems at risk. Since the crucial part of using a JWT is where the developer stores it in the front end, this article aimed to help developers store JWT tokens securely and adequately in a front-end Cookie[2] or HTML5 Web Storage[3,4]. Drawing on the various types of resources available over the internet, we go through the pros and cons of Cookie and HTML5 Web Storage and the security vulnerabilities of each element of each storage mechanism. As a result, it is better to use Cookie with proper flags instead of HTML5 Web Storage to store JWT tokens in the front end securely. The main reason is that we can limit the attack scale with Cookie if there is an XSS vulnerability. If there is an XSS vulnerability with cookies, the access token is still hidden and cannot be stolen, so attackers are able to attack "onsite" only. However, with HTML5 Web Storage, attackers can read the access token and carry out attacks remotely.