PWA, IndexedDB security question

Forum Moderators: not2easy

Message Too Old, No Replies

PWA, IndexedDB security question

NickMNS

7:28 pm on Nov 6, 2017 (gmt 0)

I'm working on converting a calculator web-app into a Progressive Web-App such that the user will be able to use the calculator when not connected to the network. In order to achieve this it will require me to store data locally on the user's device. Then when the user is off line, they can access the local data in place of the my server's database. For the app to respond to any request I essentially have to put all the data on the users device. My concern is not size, but simply that the user will then have access to the entire recipe of my secret sauce.

Does anyone have any ideas on how to protect the data to prevent it from easily being accessed as whole?

I don't necessarily need a perfect solution, but at least something that will require anyone wanting to steal and reuse the data to work for it.

Note to mods: we really need a forum for PWA's

keyplyr

8:34 pm on Nov 6, 2017 (gmt 0)

Couple (hopefully) helpful links:
[developers.google.com...]
[stackoverflow.com...]

NickMNS

2:50 am on Nov 7, 2017 (gmt 0)

Thanks Keyplyr.

I had already seen the Google dev post, there is not much there in regards to my question. But the stack-exchange post is interesting. As suspected, there is not much one can do. But the first solution proposed is interesting. That is to limit the number of requests to the cached content. So say after 10 or 20 requests I could have the app delete the cached data. But this is somewhat futile as you will be able to go into to dev-tools in chrome and see the cached data directly. So even one request would be sufficient for someone to copy it.

I was thinking of encrypting the data some how. But again since the data and the key will both be on the device this still doesn't work.