Some Potential Issues with the Security of HTML5 IndexedDB

Abstract

The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that can potentially yield new threats to user privacy and new web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using the Firefox and Chrome web browsers, and EnCase (a computer forensic tool) was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client-side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems.

Cite this paper

@inproceedings{Kimak2014SomePI, title={Some Potential Issues with the Security of HTML5 IndexedDB}, author={Stefan Kimak and Jeremy Ellman and Christopher Laing}, year={2014} }