StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
11768872
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2012-08-01T23:09:48.750
FavoriteCount
0
LastActivityDate
2015-10-22T23:48:50.843
LastEditDate
2015-10-22T23:48:50.843
LastEditorUserId
1215133
OwnerUserId
1215133
ParentId
11768832
PostTypeId
2
Score
5
ViewCount
0
LastEditorDisplayName
text
Body
When you're dealing with sensitive values stored in JavaScript, you have two primary security concerns: <ol> <li>The sensitive value is viewable as plain text in the source.</li> <li>Another JS function on the page can reach into the object and pull those values (i.e., an XSS attack). </li> </ol> The second item above becomes much more relevant when you have apps running from multiple sources on a single page (e.g., Facebook apps). In these instances, you would have to take pre-cautions not to expose sensitive variables by using closures to namespace. You are actually already doing this: your <code>user</code> object is declared inside a closure. This prevents any other JS function on the page from being able to access the <code>user</code> object. In your case, I'm assuming that there isn't any other code on the page except for your own and the possibility for injection is minimal--your code is safe :) Edit: What makes storing the username and password in a cookie insecure is that it sits on your computer after you've closed the browser. If a hacker can access that cookie (through any number of ways) then you could be in trouble. What you've done above is safe because nothing is stored on the client side after the browser closes (and while the browser is open, other JS cannot access the values you've stored). If you want to put something in a cookie, it'd be better to store some sort of public/private authentication key. There's a lot of discussion on this, here is a thorough 'best practices' article on the topic: <a href="http://jaspan.com/improved_persistent_login_cookie_best_practice" rel="nofollow">http://jaspan.com/improved_persistent_login_cookie_best_practice</a>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POJavascript Security: is storing sensitive data in a self invoking function more secure than cookies?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USElliot B.
UserOwnerUserId
1. USElliot B.
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POJavascript Security: is storing sensitive data in a self invoking function more secure than cookies?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThanks for your answer! Please see my edit.
 singulars
 PostPostId
 PO
 UserUserId
 USKTastrophy

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.