Re: W3C Specs: Web SQL

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Charles Pritchard <chuck(at)jumis(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: W3C Specs: Web SQL
Date: 2010-11-08 15:55:22
Message-ID: 1289231570-sup-7471@alvh.no-ip.org
Lists: pgsql-hackers

Excerpts from Charles Pritchard's message of sáb nov 06 23:20:13 -0300 2010:

> Simple async sql sub-set (the spec in trouble):
> http://dev.w3.org/html5/webdatabase/

This is insane. This spec allows the server to run arbitrary SQL
commands on the client, AFAICT. That seems like infinite joy for
malicious people running webservers. The more powerful the dialect of
SQL the client implements, the more dangerous it is.

--
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
