I am planning to use IndexedDB to store a queue of private messages while they are sent in the background, especially so that I can retry sending them if the page is offline for a moment. I also want to use a Service Worker to cache the results of GET requests (some of which are private message lists).

It looks very unsafe that I can just open the Application tab and directly see the data from both of them there.

I know that both use a same-origin-only policy, but I am not sure if they're hackable anyway. Should I look into encrypting sensitive data before putting it into IndexedDB and the SW? If yes, what is the best way to do so?

Are you concerned that if you visit some other page in some other domain, it can somehow view what you can see in the Application tab? Don't worry ... it shouldn't be possible (of course, bugs will be bugs) - Jaromanda X
@jaromanda-x May a browser extension access it? (What if the user accidentally installed a phishing package?) Or maybe someone can inject their own service worker on my website and access the data? I have a red flag in my mind around the idea of storing sensitive data locally, so I wanted to make sure it's safe - Demy
"what if user accidentally installed a phishing package" - that sounds like their issue, not yours :p "someone can inject their own service worker on my website" - secure your website - nothing is 100% safe on the internet - Jaromanda X