Ask HN: How necessary is encrypting IndexedDB?
1 by rdevsrex | 1 comments on Hacker News.
I'm developing an app for a client and frontend security is a major concern. It's React on the frontend and Node on the backend. I've looked at all the Web Storage API's and IndexedDB seems the most promising, however all web storage is stored on disk unencrypted. Since I have access to the backend I generate the encryption key no problem, but since we only plan to have short lived sessions (~ 1 hour) and the delete the data locally, I'm wondering how to quantify the risks of leaving that data unencrypted. It seems that most websites that use IndexedDB, don't encrypt that data, and they have a much longer storage time. So, if you have any experience with this, I'd love to get your take on the cost/benefit of encrypting IndexedDB. Thanks