Some Potential Issues with the Security of HTML5 IndexedDB

Stefan Kimak, Jeremy Ellman, Christopher Laing

Research output: Contribution to conference, Paper, peer-review

Abstract

The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that can potentially lead to new threats to user privacy and to web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using the Firefox and Chrome web browsers, and EnCase (a computer forensic tool) was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client-side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems.
Original language: English
Publication status: Published - 14 Oct 2014
Event: System Safety and Cyber Security 2014 (IET Conference) - The Midland Hotel, Manchester, UK
Duration: 14 Oct 2014 → …
