- From: Sora2455 <notifications@github.com>
- Date: Thu, 25 Jul 2019 04:44:49 -0700
- To: w3c/IndexedDB <IndexedDB@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 25 July 2019 11:45:12 UTC
You can hack this together with the Crypto API if you have to. JSON.Stringify (IE8+) -> TextEncoder (polyfillable) -> crypto.subtle.encrypt (Edge and up, IE11 if you're willing to handle a non-promise result) -> IDBObjectStore.add() (IE10+) saves any JSON data to disk encrypted. IDBObjectStore.get() -> crypto.subtle.decrypt -> TextDecoder -> JSON.Parse gets it back out again. Really, the hard part is key management, as it usually is with these things. Personally, I include it in the HTML of the page servers-side, retrieve it and remove it from the HTML client-side before any other code has a chance to run. If you make sure your key is held in a closure, and that you Object.freeze the APIs in question, you should be safe. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/IndexedDB/issues/191#issuecomment-515011663
Received on Thursday, 25 July 2019 11:45:12 UTC