A couple of days ago, Nicholas Zakas wrote an article about secure client side storage. I think the scenario he mentioned (working from a cyber cafe) is not unsafe by nature, and could be well handled by an application. Nonetheless, client side storage such as
localStorage still is subject to DNS spoofing attacks (which is the main security issue, I think). To handle this, one needs to encrypt the keys and values in the store.
So here you go:
dojox.storage.encrypted, a Blowfish encrypted storage. It sits on top of
dojox.storage, and you get all the dojo storage manager goodness, mainly the automatic selection of the best storage provider available. It exposes the complete API that
dojox.storage does. If an attacker gains access to the storage area, he can still nuke the storage, but the data found within will be useless.
read more »