diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst index b08849e12e..3fd8b8cfbb 100644 --- a/docs/source/configuration.rst +++ b/docs/source/configuration.rst @@ -1718,11 +1718,12 @@ compile time. This configuration seting allows this value to be set at runtime as well. +.. _persistent-store: persistent_store ---------------- -* Default: ``localStorage`` +* Default: ``IndexedDB`` * Valid options: ``localStorage``, ``IndexedDB``, ``sessionStorage``, ``BrowserExtLocal``, ``BrowserExtSync`` Determines which store is used for storing persistent data. diff --git a/docs/source/features.rst b/docs/source/features.rst index 1645685c37..44da903db2 100644 --- a/docs/source/features.rst +++ b/docs/source/features.rst @@ -31,7 +31,7 @@ End to end message encryption (`XEP-0384 OMEMO `_. +Converse stores this session information in the browser's `IndexedDB `_ +or `localStorage `_ +database, depending on the value provided to :ref:`persistent-store`. If you've checked the "This is not a trusted device" checkbox when logging in, then `sessionStorage `_ @@ -88,10 +90,7 @@ headers. Due to these reasons, it's NOT a good idea to use encrypted messaging with a browser-based solution in life-threatening situations. -Security can be increased by using an installable app (like one based on `Electron `_) -with a strict Content Security Policy. - -Look out for an Electron based version of Converse coming in the following months. +Security can be increased by using an installable app (like `Converse Desktop `_). For further reading on the challenges of web-based crypto, take a look at these articles: