Client Data Storage


Classification Key: Core Security, Tampering

Problem

In a client-server system, it may be necessary to store data on the client. Such storage is needed for load balancing, session management, single sign-on, etc. The client should not be able to view the data. How can the data be protected from unauthorized access by the client?

Solution

Use encryption to protect the data that is stored on the client. Keep a hash value of the data to detect whether the content has been tampered with. Use a lightweight symmetric key to protect the data. Change the session key often to protect against guessing attacks.
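
One way to apply this solution, shown as an added example that is not part of the original catalog entry: Node.js code that seals server state with AES-256-GCM before handing it to the client, with key rotation. The key ring, the key ids, the function names and the expiry field are assumptions made for illustration.

```javascript
// Added example (not from the pattern catalog): seal server state for client storage.
const nodeCrypto = require('node:crypto');

// Hypothetical key ring: `current` seals new blobs; older keys are kept only
// so blobs issued before a rotation can still be opened until retired.
function makeKeyRing() {
  return { current: null, keys: new Map() };
}
function rotateKey(ring, keyId) {
  ring.keys.set(keyId, nodeCrypto.randomBytes(32)); // fresh AES-256 key
  ring.current = keyId;
}
function retireKey(ring, keyId) {
  ring.keys.delete(keyId);
}

// AES-256-GCM encrypts and authenticates in one pass. Its tag does the job of
// the pattern's hash value, but keyed, so the client cannot recompute it.
function seal(ring, data, ttlSeconds, now = Date.now()) {
  const keyId = ring.current;
  const iv = nodeCrypto.randomBytes(12); // never reuse a nonce under one key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', ring.keys.get(keyId), iv);
  cipher.setAAD(Buffer.from(keyId)); // bind the key id into the tag
  const body = JSON.stringify({ exp: now + ttlSeconds * 1000, data });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return [Buffer.from(keyId), iv, ct, cipher.getAuthTag()]
    .map((part) => part.toString('base64url')).join('.');
}

// Returns the data, or null if the blob is malformed, tampered with, expired,
// or sealed under a retired key. Callers treat null as "no stored state".
function unseal(ring, blob, now = Date.now()) {
  const parts = String(blob).split('.').map((p) => Buffer.from(p, 'base64url'));
  if (parts.length !== 4) return null;
  const [kid, iv, ct, tag] = parts;
  const key = ring.keys.get(kid.toString());
  if (!key || iv.length !== 12 || tag.length !== 16) return null;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(kid);
    decipher.setAuthTag(tag);
    const body = Buffer.concat([decipher.update(ct), decipher.final()]);
    const { exp, data } = JSON.parse(body.toString('utf8'));
    return now <= exp ? data : null;
  } catch {
    return null; // authentication or parsing failed
  }
}
```

Call `rotateKey` before the first `seal`, and call `retireKey` once blobs issued under the old key have expired.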

Known Uses

Amazon.com, Buy.com, etc. store encrypted cookies on the client.

Related Patterns

Encrypted Storage

Source

Kienzle et al. Repository

Tags

Client Server, Access Control


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz