Hi Alberto,

Let's start off with a link: http://www.academia.edu/5475280/An_Investigation_into_Possible_Attacks_on_HTML5_IndexedDB_and_their_Prevention and another one: https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
Done reading that? Good.

The first thing in web-app security is that there is no security. Number 1 concern in our line of business: *do not trust the client* (where the client is the program connecting to your server; you're not even sure it's a browser!).

Things you have to do to get at least a little security:

1. HTTPS
2. enable CORS
3. no 3rd party extensions (meaning: no advertising, no social stuff, no untrusted CDNs, nothing coming from another origin basically)

If you have all of that, you might be reasonably safe. However, your user might have installed some plugins into his browser. Problem! Plugins can still access your indexedDB.

Bottom line: if you have something that needs to be stored at a safe location, the browser is not a platform you can use! Store it on your server.

Regards
Sander
