Local IndexedDB security (DB name uniqueness)

Question

PouchDB uses IndexedDB under the hood. You specify a database name when you create it; if it's not a URL, the docs mention that it will create a local database using whatever backend is present (i.e. IndexedDB, WebSQL, or LevelDB).

What I can't find is any information about the uniqueness of the name. If there are two web applications that create an IndexedDB with the same name, what happens?

Is it that:

• The DB is linked to the domain, so you only need unique database names within multiple web applications (eg. games) on a single domain, or
• The DB name is global, and all databases must have unique names (similar to how Google Play requires unique app namespaces)

I plan to use this in multiple games hosted on a single domain, but I also want to know if Is should prefix some domain identifier in the DB names so I don't accidentally collide with other IndexedDB instances from other sites.

Answer 1

WebSQL and IndexedDB databases are both linked to the host. So foo.com and bar.com would have different databases, even if they gave them the same name. It's standard web security; the same thing happens with cookies and LocalStorage.

From the Cross Directory Attacks section:

Different authors sharing one host name, for example users hosting content on geocities.com, all share one set of databases.

So apparently databases are shared per-domain but not per-host.