Protected browser storage

Tony.Nguyen · September 17, 2020, 4:43am

Hi,

Blazor, anvil alternative - C# instead of Python, just release Protected browser storage

Is there a way to achieve the same thing with Anvil at the moment?

Any hint is really appreciated.

robert · September 17, 2020, 5:54am

I don’t see much on the link about the protected browser storage. Do you have more details?

My understanding is that most modern browsers use a sandboxed environment for each tab. Chrome did this very early and Edge has picked it up (or really appropriated by using Chromium). This is baked into the browser and not the framework necessarily.

I’m not an expert though.

Tony.Nguyen · September 18, 2020, 1:41am

Thanks @robert, I updated the link, it was wrong.

When loading all data to the browser, the data is visible to users who can modify, copy it. Using service worker might have the same issue.

Protected browser storage might solve that

robert · September 18, 2020, 3:13am

Ah very interesting. I’m not seeing how it is actually “protected” here. Perhaps what they mean is that they want to see if it has been tampered with.

You might be able to do this in Anvil by calculating a checksum in the client and comparing that to a checksum on the server-side. If they match, the data is good, otherwise, it has been changed. You could then re-use this data to prevent a longer server call for large data.

But I still wouldn’t use it as a trusted place to store data the client shouldn’t have in the first place, and it’s not clear that protected storage in Blazor does this either.

Tony.Nguyen · September 20, 2020, 2:38am

Thanks @robert, it seems that it is not really “protected”. The recommended way is to use AES 256-bit encryption. But you are right, client should not be trusted to store data even though it is encrypted.

It might be possible in the future not now.