Local Storage: Is Bubble's default setting unsafe?

I was thinking about best practices to prevent users’ data from being stolen from my app.
Then this article caught my eye.

So I opened DevTools to check it out and found that my email was stored in the local storage.

Is this safe? If not, what can I do to keep my users’ data safe?

Hey, @rio,

You can check the privacy rules 🙂 💻

Thank you for the fastest answer.
Yes, I have set the privacy so that only the current user can access the email for example.
However, my concern is that they can see the email in the browser’s local storage. According to the article, unless it is stored in “session storage”, data could be easily stolen.

It can if a malicious script makes its way into your site code (e.g. XSS attack). And session storage won’t help against that. It’s game over at that point.

If it is just your email, I think you are fine. Users’ session information is typically stored in the local storage, as long as it is not security-critical information like passwords, keys, tokens, etc.

Also, your browser’s local storage should only contain your own information. Open your browser in incognito mode and log in as another user to make sure your information is not leaking into other users’ local storage.

1 Like
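
An added example (not part of the thread and not Bubble's own code): a small JavaScript audit that reports which storage keys hold email addresses, JWT-shaped tokens or secret-looking key names, automating the DevTools check described above. The patterns, the `auditStorage` and `fakeStorage` names and the sample entries are constructed assumptions; in a browser console the same function accepts `localStorage` or `sessionStorage`, since both are readable by any script running on the page's origin.

```javascript
// Patterns are illustrative assumptions, not an exhaustive list.
// None use the "g" flag, so RegExp.test() stays stateless between calls.
const PATTERNS = [
  { kind: "jwt", re: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/ },
  { kind: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/ },
  { kind: "secret-like key name", re: /pass(word)?|secret|api[_-]?key|token/i, onKey: true },
];

// Walk any object exposing the Web Storage interface (length, key, getItem)
// and return the key plus the kind of match. Values are never echoed back,
// so the report itself can be shared without leaking what it found.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    for (const p of PATTERNS) {
      const target = p.onKey ? key : value;
      if (p.re.test(target)) findings.push({ key, kind: p.kind });
    }
  }
  return findings;
}

// In-memory stand-in for Storage so the example runs outside a browser.
function fakeStorage(entries) {
  const keys = Object.keys(entries);
  return {
    length: keys.length,
    key: (i) => keys[i] ?? null,
    getItem: (k) => (k in entries ? entries[k] : null),
  };
}

// Constructed sample data: key names and values are made up for this example.
const SAMPLE = fakeStorage({
  app_user_v1: '{"email":"rio@example.com","lang":"en"}',
  ui_theme: "dark",
  auth_token: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln",
});

for (const f of auditStorage(SAMPLE)) {
  console.log(`${f.key}: ${f.kind}`);
}
```

An email finding matches what the thread calls acceptable; a JWT or secret-like key name is the kind of entry the answer above says should not be in local storage.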

Thanks for the details.
I think I should get used to it if that is the way it is.