Geek Answers Handbook

Can modern browsers encrypt or otherwise secure IndexedDb storage?

My team is considering using IndexedDb to cache data in user sessions. This data can be large enough to improve performance to support it in the browser for later use, instead of loading it every time the user needs it.

I am worried about security issues with IndexedDb. The data in question is not hypersensitive, but there is a reason why we need a user / pass to get to it. I am worried that this data may be available if a custom laptop has been stolen. Are these files unencrypted in the file system?

+7
indexeddb
source share
2 answers

You can encrypt before saving to indexeddb. Here's how I do it in my open source library, http://dev.yathit.com/ydn-db/doc/usage/encryption.html

One note: an encrypted database cannot be a query. You can only get a known primary key.

You still need to transfer the encryption key from the server after logging in.

+3
source share

If your users do not use full disk encryption on their laptops, these files are sitting there unencrypted. You may consider encrypting data stored using some javascript crypto with the key obtained from the user's password.

+2
source share

More articles:


All Articles