Replies: 1 comment 3 replies
-
|
What about encrypting all the data stored on disk so malware can't read it? |
Beta Was this translation helpful? Give feedback.
-
|
That is possible. We can do at-rest encryption, but there must be a key stored somewhere else where it can be retrieved. Another way would be to ask the user for the key, but that would be a bit user unfriendly. |
Beta Was this translation helpful? Give feedback.
-
|
I think operating systems will provide a keystore for this kind of thing. We'd just have to figure out how to call into it on an per-OS basis. |
Beta Was this translation helpful? Give feedback.
-
|
I'd say, also give an option to need to always unlock your browser when you close or minimize it with a password / fingerprint / securitykey could make sense. |
Beta Was this translation helpful? Give feedback.
-
Much data is written to the clientside through javascript and systems like cookies.
We should be able to implement data stores and allow to fetch data from it.
Data should be stored (profile). But can also be opted for in-memory only
Local storage should be configurable to be cleared after session (non persistent)
Cookies should follow current security standards (blocking 3rd party etc), and should be configurable.
The networking layer should not know about cookies. This should be lasswd along from the user agent (if possible? How about assets loaded from the html page)?
Beta Was this translation helpful? Give feedback.
All reactions