The Dojo Offline Toolkit has added some cool new features to allow
encryption of parts of the database very seamlessly. I wonder though,
would there be any benefit from also encrypting the data so that the
user cannot modify it outside of the app? Basically, should a user be
able to view and modify the contents of their offline database, or
should the application be allowed to encrypt the database with some
'application password' so interaction with the database must go
through the business logic of the offline application. Think of a case
where a user opens the database and tweaks the data to bypass business
rules in the application. This could also create a nightmare for
synchronizations!

Technically, there is nothing stopping the application from doing that
right now, except that the encryption key can simply be read out of
the resource store's JavaScript files. Which leads to my other
question: Is there any way to encrypt files that will be in the
resource store to prevent the user from reading them? I know
JavaScript obfuscators exist, but with some time, you could find the
encryption key if it is only obfuscated...?