I am writing a web application using client side templating. This application needs to interact with a REST Server which supports Basic Http authentication (using ssl). So, with every request that needs to be authorized, username and password are passed in Request header.
My question is where and how to store username and password so that they can be accessed client-side by javascript code.
I am writing a web application using client side templating. This application needs to
Share
I wouldn’t store usernames and passwords on the user’s system. This is a security problem.
Instead, your REST login service should send a session cookie back that includes an encrypted authorization key. That cookie will then get passed back up upon further REST calls and your REST service backend can read the cookie to validate that the user has a valid authorization token.
If you don’t want to use the cookie mechanism because you have to use a different header, still consider using the auth token method and storing the auth token locally (using cookies or local storage). If you don’t have control of the backend at all, and you have to pass username/password up, then I think you are stuck. Saving the password on the client’s machine (in cookies or local storage or whatever) is a bad idea because it can be read in plain text. Any encryption method you use can be easily reverse engineered.