Re: W3C Specs: Web SQL - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: W3C Specs: Web SQL
Msg-id 1289231570-sup-7471@alvh.no-ip.org
In response to W3C Specs: Web SQL  (Charles Pritchard <chuck@jumis.com>)
List pgsql-hackers
Excerpts from Charles Pritchard's message of Sat Nov 06 23:20:13 -0300 2010:

> Simple async sql sub-set (the spec in trouble):
> http://dev.w3.org/html5/webdatabase/

This is insane.  This spec allows the server to run arbitrary SQL
commands on the client, AFAICT.  That seems like infinite joy for
malicious people running webservers.  The more powerful the dialect of
SQL the client implements, the more dangerous it is.

-- 
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support