Client Data Storage: Core Security, Tampering
In a client-server system, it may be necessary to store data on the client, for example for load balancing, session management, or single sign-on. The client should not be able to view this data.
How can the data be protected from unauthorized access by the client?
Use encryption to protect the data that is stored on the client. Keep a hash value of the data so that tampering with the content can be detected. Use a lightweight symmetric key to protect the data. Change the session key often to protect against guessing attacks.
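As an added illustration of this solution (not part of the catalog entry), the Go code below seals data for client-side storage with AES-GCM, whose authentication tag takes the place of the separate hash value, and lets the server accept a short list of current and previous keys so the session key can be rotated often without rejecting tokens sealed just before the change. Key bytes and the sample session data are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

const nonceSize = 12 // nonce length used by cipher.NewGCM
// Keyring lists the AEADs Open accepts, newest first, so keys can be rotated often.
type Keyring []cipher.AEAD

// NewGCM wraps a 16-, 24- or 32-byte AES key in AES-GCM (encryption plus tamper detection).
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data for storage on the client and appends an authentication
// tag that plays the role of the entry's "hash value": any change to the
// stored bytes makes Open fail. Output is base64url, safe to put in a cookie.
func Seal(gcm cipher.AEAD, plaintext []byte) (string, error) {
	nonce := make([]byte, nonceSize) // fresh random nonce for every token
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	token := gcm.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(token), nil
}

// Open tries each key in the ring in turn; a token sealed with a retired key,
// or one whose bytes were altered by the client, fails under every key.
func Open(ring Keyring, token string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < nonceSize {
		return nil, errors.New("malformed token")
	}
	for _, gcm := range ring {
		if pt, err := gcm.Open(nil, raw[:nonceSize], raw[nonceSize:], nil); err == nil {
			return pt, nil
		}
	}
	return nil, errors.New("token rejected: tampered or sealed with a retired key")
}
```

On the server, rotate by prepending a new key's AEAD to the Keyring and dropping the oldest once the tokens it sealed have expired.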
Amazon.com, Buy.com, etc. store an encrypted cookie on the client.
Kienzle et al. repository
Client Server, Access Control
Last modified: May 05, 2012. Maintained by: Munawar Hafiz