Home > mailing lists

Re: W3C Specs: Web SQL - Mailing list pgsql-hackers

From	Sam Mason
Subject	Re: W3C Specs: Web SQL
Date	November 9, 2010 10:06:22
Msg-id	20101109110612.GG6225@samason.me.uk Whole thread Raw
In response to	Re: W3C Specs: Web SQL (Alvaro Herrera <alvherre@commandprompt.com>)
Responses	Re: W3C Specs: Web SQL
List	pgsql-hackers

Tree view

On Mon, Nov 08, 2010 at 12:55:22PM -0300, Alvaro Herrera wrote:
> Excerpts from Charles Pritchard's message of sáb nov 06 23:20:13 -0300 2010:
> 
> > Simple async sql sub-set (the spec in trouble):
> > http://dev.w3.org/html5/webdatabase/
> 
> This is insane.  This spec allows the server to run arbitrary SQL
> commands on the client, AFAICT.  That seems like infinite joy for
> malicious people running webservers.  The more powerful the dialect of
> SQL the client implements, the more dangerous it is.

How is this different from the server asking the client to run an
infinite loop in javascript?

--  Sam  http://samason.me.uk/

pgsql-hackers by date:

From: KaiGai Kohei
Date: 09 November 2010, 09:52:54
Subject: security hooks on object creation

From: Jakub Ouhrabka
Date: 09 November 2010, 10:16:39
Subject: Re: Avoid memory leaks during ANALYZE's compute_index_stats() ?

Re: W3C Specs: Web SQL - Mailing list pgsql-hackers

Previous

Next