undefined | Better HN

0 pointsdiggan1y ago0 comments

> Storing sensitive data in local storage makes you vulnerable to XSS attacks and Man-in-the-Browser attacks. You're exposing your sensitive data to an attacker that injects a script to the website and to malicious browser extensions

The app in question runs locally and only with trusted code. How is the attacker supposed to get in there to place the XSS or even do a MITM attack when there is no exposed website at all? Neither are there browser extensions involved here.

> All sensitive data stored in local storage must be encrypted using a key stored in the server

Huh? Please don't do this, especially not for "local first" applications, would defeat the entire purpose.

0 comments

3 comments · 1 top-level

picardo1y ago· 2 in thread

> only with trusted code

That's a big assumption. Have you read all the code, and the dependencies of the dependencies of your code? If you haven't, how do you know it can be trusted? What if there is a backdoor in an obscure dependency that can inject a script into your website to steal your sensitive data? Don't laugh it off. When there is money on the line, someone is going to try it.

> Neither are there browser extensions involved here.

What about the extensions you installed in your browser? What about the user scripts (if you use them)?

> Huh? Please don't do this, especially not for "local first" applications, would defeat the entire purpose.

Why not? Why do you want a local first app in the first place? What's the purpose of a local first app, if not security?

digganOP1y ago

I think you're misunderstanding what kind of application this is.

It's not a website, it doesn't run in your normal browser. It runs as a standalone application.

> Why not? Why do you want a local first app in the first place? What's the purpose of a local first app, if not security?

Because as soon as those keys aren't available (either because the endpoint no longer exists, or you cannot connect to the endpoint for whatever reason (like being offline)), you can no longer access your data.

That isn't "local first" at all, it's something else entirely.

picardo1y ago

> Because as soon as those keys aren't available (either because the endpoint no longer exists, or you cannot connect to the endpoint for whatever reason (like being offline)), you can no longer access your data.

The encryption key doesn't have to be stored in the cloud. It just has to be stored somewhere else -- it could be in the file system.

> It's not a website, it doesn't run in your normal browser. It runs as a standalone application.

Even if it's a standalone application, it doesn't mean the code can be entirely trusted. I wouldn't take that risk.

1 more reply

j / k navigate · click thread line to collapse