JavaScript Can't Keep a Secret
Learn why we should never store private information on the client, including in URLs.
Client-side secrets are common
In 2022, RedHunt Labs (an information security company) performed a study on secrets exposed via client-side web applications. Across the top one million internet domains, they captured a staggering 395,713 secrets. Many of these secrets were used to manage authentication, such as API keys or cryptographic secrets, including Stripe tokens, Google reCAPTCHA keys, Google Cloud API keys, AWS keys, and Facebook tokens.
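A build-time check for some of the secret types the study found, as an added example that is not part of the original lesson. The rule names, the file name and the sample bundle are constructed for illustration, and the patterns rely on the well-known prefixes of AWS, Google and Stripe keys.

```javascript
// Added example: scan built client-side JavaScript for key-shaped strings
// before it ships. Rule names are hypothetical; patterns use well-known prefixes.
const RULES = [
  { name: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { name: 'google-api-key', re: /\bAIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])/g },
  // Only secret (sk_) and restricted (rk_) keys: Stripe publishable keys
  // (pk_) are designed to be embedded in the browser.
  { name: 'stripe-secret-key', re: /\b[sr]k_live_[0-9a-zA-Z]{24,}/g },
];

// Returns one finding per match, with the file, 1-based line and rule name.
function scanBundle(fileName, source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const { name, re } of RULES) {
      for (const m of text.matchAll(re)) {
        findings.push({
          file: fileName,
          line: i + 1,
          rule: name,
          // Redact so the report itself does not leak the secret.
          preview: m[0].slice(0, 8) + '...',
        });
      }
    }
  });
  return findings;
}

// Constructed sample bundle; every key below is fake and assembled from
// filler characters so that it only has the right shape.
const SAMPLE_BUNDLE = [
  'const cfg={region:"us-east-1",key:"' + 'AKIA' + 'EXAMPLEEXAMPLE00' + '"};',
  'fetch("/api?k=' + 'AIza' + 'X'.repeat(35) + '");',
  'Stripe("' + 'pk_live_' + '0'.repeat(24) + '"); // publishable, not flagged',
  'charge("' + 'sk_live_' + '0'.repeat(24) + '"); // secret, flagged',
].join('\n');

for (const f of scanBundle('app.min.js', SAMPLE_BUNDLE)) {
  console.log(`${f.file}:${f.line} ${f.rule} ${f.preview}`);
}
```

A finding means the key is already readable by every visitor, so the fix is to rotate it and move the call that needs it to the server, not to hide the string.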