Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

보안 향상을 위한 토큰 저장 및 관리 방식 개선 #277

Open
2 tasks
sejongk opened this issue Dec 30, 2022 · 0 comments
Open
2 tasks

보안 향상을 위한 토큰 저장 및 관리 방식 개선 #277

sejongk opened this issue Dec 30, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@sejongk
Copy link
Member

sejongk commented Dec 30, 2022
edited
Loading

Description

실제 구현 방식은 향후 논의를 통해 변경 및 구체화

  • 현재 Local Storage에 Access token, Refresh token을 저장하는 방식은 XSS, CSRF 공격에 취약할 수 있음
  • Access token을 In-memory에, Refresh token을 httpOnly, secure 쿠키로 저장하도록 하여 위의 취약점 대응
    • BE에서 Access token은 Response body에, Refresh token은 쿠키로 주도록 변경되어야함

To-Do

  • Access token을 In-memory로 저장 및 사용하도록 구현
  • Refresh token을 cookie로 저장 및 사용하도록 구현

ETC

참고 자료
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sejongk