4

I have developed a web application that will store users' sensitive profile data in IndexedDB and local storage. I am using web storage as I need to access this data frequently in the contacts page, chat page and other places as well. My main concern is that everyone who is logged in has access to this sensitive data.

So I was searching for ways to block access to IndexedDB and local storage. I also checked this Stack Overflow question: Can local storage ever be considered secure? but could not decide which option to choose.

Then I was wondering if we can encrypt this data while saving and decrypt it after fetching, so that no one has direct access to it.

Can anyone suggest any approach and methodology which can easily solve my problem?

Thanks in advance.

Pratswinz
  • If anyone wants, I can add a snapshot of the data being stored. Also, can I use the Stanford Javascript Crypto Library? – Pratswinz Aug 03 '16 at 06:42
  • How sensitive is your data? Is the owner the only one who will ever have access to the data? Are you running https? – Jørgen Aug 03 '16 at 06:56
  • Yes, I'm running https, and whatever profile and contacts related data is received from the db is stored in IndexedDB – Pratswinz Aug 03 '16 at 09:07
  • You haven't properly described your application. I guess you're having a web site with some kind of login and store some data in localStorage, right? Now you're thinking about what would happen if different users would try to login on the same machine/browser or that they wouldn't even need to login, right? – Artjom B. Aug 03 '16 at 17:46
  • I have developed software which lets users do conferencing (SIP, DATA) and chat; in addition, the organiser can assign tasks. Once the user is logged in, the application retrieves the user's contacts from the database, which contain sensitive data and are currently being stored in IndexedDB, so I want none of the logged-in users to be able to access it, or the data to be encrypted – Pratswinz Aug 03 '16 at 19:31
  • Make the user enter a password to start the app, then use a PBKDF to turn the non-stored password into an AES key, which you use to decrypt the stored data. That way, nobody without the password can recover anything from the hard drive (localStorage). – dandavis Aug 03 '16 at 21:03
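
The approach suggested in the last comment (password, then a PBKDF, then an AES key that encrypts what goes into web storage), written out as an added example that is not code from the question, its comments or any library mentioned on this page. The function names `unlock`, `sealRecord` and `openRecord`, the record layout, the choice of PBKDF2 with AES-GCM, and the iteration count are assumptions made for illustration.

```javascript
// Added example: standard Web Crypto API only (browsers, Node 20+).
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumption: tune for the slowest supported device

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Run once per session, after the user types the password. The password and key are
// never stored; only the salt is (pass it back in as saltHex on later sessions).
async function unlock(password, saltHex) {
  const salt = saltHex ? fromHex(saltHex) : webCrypto.getRandomValues(new Uint8Array(16));
  const material = await webCrypto.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  const key = await webCrypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
  return { key, saltHex: toHex(salt) };
}

// Returns a string to pass to localStorage.setItem() or store in an IndexedDB record.
async function sealRecord(key, value) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // must be fresh per record
  const plaintext = new TextEncoder().encode(JSON.stringify(value));
  const ct = await webCrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext);
  return JSON.stringify({ v: 1, iv: toHex(iv), ct: toHex(new Uint8Array(ct)) });
}

// Rejects if the key came from a wrong password or the stored record was modified.
async function openRecord(key, stored) {
  const rec = JSON.parse(stored);
  const pt = await webCrypto.subtle.decrypt(
    { name: "AES-GCM", iv: fromHex(rec.iv) }, key, fromHex(rec.ct));
  return JSON.parse(new TextDecoder().decode(pt));
}
```

This protects the data at rest on a shared machine or profile. While the app is unlocked, any script running in the page's origin can still read the decrypted values, so it does not replace XSS defences.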

1 Answer

1

After exploring a lot I found YDN-DB (a unified data access layer on IndexedDB, WebDatabase and WebStorage storage mechanisms), but I am yet to implement it. Can anyone suggest a better solution than YDN-DB, or is it the best I can opt for now?

https://dev.yathit.com/ydn-db/index.html

Details of this DB can be checked in the above link.

Pratswinz