
Client Data Storage

Classification Key: Core Security, Tampering


In a client-server system, it may be necessary to store data on the client, for example for load balancing, session management, or single sign-on. The client should not be able to view the data. How can the data be protected from unauthorized access by the client?


Use encryption to protect the data that is stored on the client. Keep a hash value of the data so that tampering with the content can be detected. Use a lightweight symmetric key to protect the data. Change the session key often to protect against guessing attacks.
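
The solution above as an added example (not part of the original pattern text): server-side Node.js code that seals state into a cookie-safe string with AES-256-GCM, whose authentication tag takes the role of the hash value, and rotates the key. The names `seal`, `unseal` and `rotateKey`, the token layout, and the keep-one-previous-key rotation policy are assumptions made for this illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// Server-side key ring (key id -> 32-byte AES key); keys never leave the server.
const keys = new Map();
let currentKid = 0;

// Rotate the session key. The previous key is kept for one more period so
// values sealed just before rotation still open; anything older is rejected.
function rotateKey() {
  currentKid += 1;
  keys.set(currentKid, randomBytes(32));
  for (const kid of keys.keys()) if (kid < currentKid - 1) keys.delete(kid);
  return currentKid;
}

// Encrypt and authenticate a JSON value; returns a cookie-safe string laid out
// as kid(4) | nonce(12) | tag(16) | ciphertext (layout is an assumption).
function seal(data) {
  const kid = Buffer.alloc(4);
  kid.writeUInt32BE(currentKid);
  const nonce = randomBytes(12); // fresh per value, never reused with a key
  const c = createCipheriv('aes-256-gcm', keys.get(currentKid), nonce);
  c.setAAD(kid); // the key id is covered by the tag as well
  const ct = Buffer.concat([c.update(JSON.stringify(data), 'utf8'), c.final()]);
  return Buffer.concat([kid, nonce, c.getAuthTag(), ct]).toString('base64url');
}

// Returns the original value, or null if the token was modified, truncated,
// or sealed under a key that has since been retired.
function unseal(token) {
  const raw = Buffer.from(String(token), 'base64url');
  if (raw.length < 32) return null;
  const key = keys.get(raw.readUInt32BE(0));
  if (!key) return null;
  try {
    const d = createDecipheriv('aes-256-gcm', key, raw.subarray(4, 16));
    d.setAAD(raw.subarray(0, 4));
    d.setAuthTag(raw.subarray(16, 32));
    const pt = Buffer.concat([d.update(raw.subarray(32)), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // tag mismatch: tampered data is never returned
  }
}

rotateKey(); // create the first key at start-up
```

The client only ever holds the opaque string; the server calls `unseal` on each request and treats `null` as "no stored state".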

Known Uses, etc store encrypted cookie in the client.

Related Patterns

Encrypted Storage


Kienzle et al. Repository


Client Server, Access Control


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz