
I have an internal PHP web app that runs in the browser and is simply a sort of todo/meeting notes recorder (the data may be used by different apps).

The app uses a background autosave feature (JS/AJAX/PHP), but that obviously works only with an internet connection. Moreover, I found myself in a situation where my battery drained sooner than I could reach a signal or a power socket. Then all data was lost :(

I am considering switching the backup feature to JS/localStorage, checking periodically for server availability and then saving online (and erasing localStorage). I was googling for other options and only the Google Filesystem API shows up as an alternative, albeit probably being phased out?

My question is: since the data may contain sensitive information, would you consider storing the data using localStorage "safe" with regard to user access? The devices the app is used on are password+fingerprint protected, but since different OS and browser combinations store the localStorage data in various locations, I am worried a different user could perhaps get to that data... (device theft/loss)

Or is encryption the only way?

Thank you for your ideas.

Alexander

  • Have a look at [this question](https://stackoverflow.com/questions/9948284/how-persistent-is-localstorage) to understand why this is not a good idea. A good approach is to save each change to the server when it is done, so that you will lose only the last one in case. – Lelio Faieta Feb 07 '19 at 14:45
  • Thanks for the link Lelio, very close to my concerns. Since any "increment" of the data may be substantial (in importance or extent), losing it is not an option. But reading through the linked question, localStorage can be relied upon for my purpose, combined with encryption. – Alexander Feb 08 '19 at 20:10

1 Answer

This is not exactly a programming question. However, consider the following:

When thinking about security, differentiate between threats, vulnerabilities, and usability.

Storing plain, sensitive data opens up a vulnerability. However, I would argue that such a vulnerability is mitigated if the computer itself is protected with a password, use of unauthorized apps is limited, etc. There is, of course, an option to remove the hard drive, connect it to a different computer and access the data. However, only full HD encryption can protect you from this.

Moving to threats. What are the chances that someone from outside tries to deliberately snoop into your notes? Like building a tool that fetches the contents of localStorage and then waits until power/network comes back to upload it. Unless you are handling really sensitive, top-secret data, the probability of this is very, very low. If you are handling top-secret stuff, your devices would be encrypted anyway.

To stay on the safe side you could implement some sort of encryption. However, encryption depends on secret keys, such as certificates and passwords. Asking users to enter a password every time to save/load their notes would significantly impair the usability. Imagine the horror of being prompted for a password when you are rushing to save your work because your computer is running out of juice.

Eriks Klotins
  • Thanks Eriks, interesting summary. I am now quite confident that I can cover threats with data encryption, thus any tool would get encrypted data. Hardware threats can be solved by disk encryption and malware/virus situations are mitigated by strict software policy and antivirus+firewall. Devices using the app are single-user, internal company use only. – Alexander Feb 08 '19 at 20:16
  • Sorry, the comment edit took too much time :) ... I am now quite confident that I can cover threats with data encryption (the encryption algorithm will be using hardcoded keys), thus any tool would get encrypted data. Decryption will be uneconomical. Hardware threats can be solved by disk encryption and malware/virus threats are mitigated by strict software policy and antivirus+firewall. Devices using the app are single-user, internal company use only, and the data rarely contains top-secret data. This is to protect company and client information and personal data. – Alexander Feb 08 '19 at 20:22
  • What would be the exact gains of using hardcoded keys for encryption? If I have access to your machine, I can grab both the keys and the encrypted content. For encryption to be worth it, the keys need to be stored somewhere else. – Eriks Klotins Feb 08 '19 at 20:31
  • Hey Eriks, the machine is password protected with encrypted disk, the app resides on remote vps. That should be enough, right? – Alexander Feb 10 '19 at 06:17
  • Yes, @Alexander, for all practical purposes this should be enough. – Eriks Klotins Feb 10 '19 at 13:52