3

I am working on an application which stores some sensitive information in the user's browser (localStorage and IndexedDB), because the application also runs in offline mode.

Is there some way to make sure that the user won't be able to edit the data in IndexedDB from Developer Tools?

We are using encryption to save sensitive data in encrypted form, but I am looking for a solution which will disable any sort of editing by the user.

Paridhi Sharma

1 Answer

4

Data in IndexedDB can be deleted at any time. The data is locked to the origin. The data can be viewed at any time in plain text form using dev tools.

Rather than prevent editing, you can at least detect dirtiness and branch towards an error. Try using an encrypted blob with a checksum property to verify the blob's integrity. For example, crc32 (like here: JavaScript CRC32). You can checksum the data when saving, store the checksum, and then recreate the checksum when loading the data and compare that to the saved checksum. If the two do not match, the data is dirty.

Community
Josh
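
The save-and-verify flow described in the answer above, as an added example that is not part of the original post: a pure-JavaScript CRC32 computed over the stored blob on save and recomputed on load. CRC32 is unkeyed, so it flags a blob that was changed on its own and says nothing about who wrote the record. Assumptions: a `Map` stands in for the IndexedDB object store, the blob is ciphertext already produced by the application's own encryption, and `saveRecord`, `loadRecord` and the sample value are hypothetical names and data.

```javascript
// Added example: CRC32 integrity check around a stored record.
// Lookup table for the standard reflected CRC-32 polynomial 0xEDB88320.
const CRC_TABLE = (() => {
  const table = new Uint32Array(256);
  for (let n = 0; n < 256; n++) {
    let c = n;
    for (let k = 0; k < 8; k++) {
      c = (c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1);
    }
    table[n] = c >>> 0;
  }
  return table;
})();

// CRC32 over the UTF-8 bytes of a string, returned as an unsigned 32-bit integer.
function crc32(text) {
  const bytes = new TextEncoder().encode(text);
  let crc = 0xFFFFFFFF;
  for (const b of bytes) {
    crc = CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >>> 8);
  }
  return (crc ^ 0xFFFFFFFF) >>> 0;
}

// Save: store the (already encrypted) blob together with its checksum.
// `store` is a Map standing in for an IndexedDB object store (assumption).
function saveRecord(store, key, blob) {
  store.set(key, { blob, checksum: crc32(blob) });
}

// Load: recompute the checksum and compare it with the saved one.
// Returns { ok: true, blob } or { ok: false, reason } so the caller can
// branch towards an error instead of using dirty data.
function loadRecord(store, key) {
  const rec = store.get(key);
  if (!rec) return { ok: false, reason: "missing" };
  if (typeof rec.blob !== "string" || !Number.isInteger(rec.checksum)) {
    return { ok: false, reason: "malformed" };
  }
  if (crc32(rec.blob) !== rec.checksum) return { ok: false, reason: "dirty" };
  return { ok: true, blob: rec.blob };
}

// Constructed sample data (not from the original post).
const demoStore = new Map();
saveRecord(demoStore, "profile", "q83vEjRWeJCrze8BI0VniQ==");
console.log(loadRecord(demoStore, "profile").ok);     // clean record
demoStore.get("profile").blob = "q83vEjRWeJCrze8BI0VniQ=A"; // simulate a changed blob
console.log(loadRecord(demoStore, "profile").reason); // changed record
```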