0

Knowing that

  • Server always validates the data before saving it.

  • Browser app is generating the data based on user input and some business logic and is storing it locally.

  • Browser app then synchronize with server to save locally generated data and fetch other data generated by other users.

Is it secure to keep data is local database (websql)?

gurvinder372
  • 823
  • 2
  • 8
  • 9
  • 1
    A full answer would need to be longer, but you should note that WebSQL is obsolete and deprecated for over 5 years now, and you should not ever be using it for anything at all. Definitely not sensitive data. That said, there are other alternatives, such as IndexedDB and LocalStorage - for these, you would need a fuller answer. – AviD Jan 19 '16 at 12:44
  • 1
    `WebSQL is obsolete and deprecated for over 5 years now` even if it is obsolete and deprecated as per standards, browsers themselves have not deprecated the feature itself and have not communicated any plan of doing so in near future. – gurvinder372 Jan 19 '16 at 17:23
  • `Definitely not sensitive data` Is it because of the standard being deprecated or some other reason? Thanks for your interest, waiting for a fuller answer :) – gurvinder372 Jan 19 '16 at 17:23
  • @AviD Are you suggesting that IndexedDB is somehow more secure than WebSQL? My understand is they are both stored in the clear on the uesr's machine... – Michael Apr 25 '16 at 03:13
  • @Michael no, I am suggesting that since WebSQL is deprecated, it should not be used for anything at all; since it will not be updated, it should especially not be used for anything sensitive. On the other hand, IndexedDB *is* still supported, standardized, and updated. Technically speaking, since they are both stored and implemented in the browser, they do have similar threats, but the technical implementation may be different and have different vulnerabilities (which would likely not be fixed in WebSQL...) – AviD Apr 25 '16 at 06:36

0 Answers0