Reputation: 17260
My team is considering using IndexedDB to cache data across user sessions. This data can be large enough that it would be a real performance boost to be able to keep it around in the browser for later use instead of having to download it every time the user needs it.
I am concerned about security problems with IndexedDB. The data in question isn't super sensitive, but there is a reason we require a user/pass to get to it. I worry that this data might be accessible if a user's laptop were stolen. Are these files sitting around unencrypted on the file system?
Upvotes: 29
Views: 26946
Reputation: 13131
You can encrypt before storing into IndexedDB. That is how I do it in my open source library, http://dev.yathit.com/ydn-db/doc/usage/encryption.html
One thing to note: an encrypted database cannot be queried. You can only retrieve with a known primary key.
You still need to pass the encryption key from the server after user login.
Upvotes: 12
Reputation: 471
Unless your users are using full disk encryption on their laptops, those files are sitting there unencrypted. You could consider encrypting the data you store using some JavaScript crypto with a key derived from the user's password.
Upvotes: 4
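The approach from the two answers above, shown with the WebCrypto API as an added example (not code from either answerer or from ydn-db): a key derived from the user's password encrypts each record before it is stored, and the primary key stays in clear so records can still be fetched by key. PBKDF2-SHA-256 with 600,000 iterations, AES-GCM, the record shape and all function names are assumptions.

```javascript
// Added example: function names, record shape and parameters are assumptions.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your users' devices

// Browsers expose WebCrypto as globalThis.crypto; the import is a fallback for older Node.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Derive a non-extractable AES-GCM key from the password. The salt is not
// secret and can be stored next to the data; the key itself is never stored.
async function deriveKey(password, salt) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Build the object that would be passed to objectStore.put(). The primary key
// stays in clear so the record can be fetched by key; it is also bound to the
// ciphertext as additional data, so a record moved under another id fails to decrypt.
async function sealRecord(key, id, value) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh IV for every record
  const ct = await c.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: new TextEncoder().encode(String(id)) },
    key, new TextEncoder().encode(JSON.stringify(value)));
  return { id, iv, ct: new Uint8Array(ct) };
}

// Reverse of sealRecord; rejects if the key is wrong or the record was altered.
async function openRecord(key, record) {
  const { subtle } = await getCrypto();
  const pt = await subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv,
      additionalData: new TextEncoder().encode(String(record.id)) },
    key, record.ct);
  return JSON.parse(new TextDecoder().decode(pt));
}
```

The object returned by `sealRecord` holds only the id and typed arrays, so it can be passed as is to `put()` on an object store whose keyPath is `id`. Keep the derived key in memory only, so a stolen disk holds ciphertext and a salt but no key.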