How to either encrypt local DB completely or not show it in browser at all in a PWA?
Application Type
Mobile

We require suggestions/solution for a technical issue we are facing for local storage entities in Outsystems.We have built a PWA application which has offline mode capabilities and thus it has a lot of local tables which are synced during login.

The issue is that when this PWA is run in browser, we can go on to Inspect element>> Application>> IndexedDB storage and see all these table data in there.We need to avoid this as this is master data for client and this is a major security breach too.Could you please help us in guiding how to either encrypt this local DB completely or not show it there at all.

Kindly let me know if you need any other details.

Hi Rachita,

You can use Ciphered Local Storage Plugin. Please see the below link -

https://www.outsystems.com/forge/component-overview/1500/ciphered-local-storage-plugin

Thanks

Vinod

Hi Vinod,

Thank you for your reply. I added this component to the module and also managed all the dependencies but still I am able to view the data on the browser.

Thanks,

Rachita

Hi Rachita,

Have you followed below steps -

To make this change effective you need to:

  • Publish and rebuild your app - to replace the old local storage database with the new ciphered database.

  • Uninstall the previous version of your app - to remove the old local storage for security reasons. The old local storage can no longer be accessed by the application.

  • Install the new version - only this version references the new ciphered database.

Hi Vinod,

The issue is that I am testing the app on browser and not on device. I have tried to clear the cache and reload the application as well but it is still not working.

Hi Rachita,

You can cross check plugin using below client action that is available in CipheredLocalStoragePlugin. May be for browser that plugin is not available.

CheckCipheredLocalStoragePlugin

Thanks

Vinod

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.