Re: 'Pure' client-side javascript database?


comp.lang.javascript archive


From: lallous <lallous@lgwm.org>
Date: Sun Aug 28 2005 - 21:04:23 CEST

Hi Kimmo,

> I'm glad you found it, but I MUST protest, that revealing the database
> structure to end-users (clients) is asking for hacks, especially when the
> site also provides the possibility to run queries. That's just like making
> a sign for a burglar: "Please come here and steal everything we have, we
> don't lock doors or have alarms and our dog is actually just a chihuahua."
> That's a warm welcome for hackers. What prevents me from running "DROP
> DATABASE xyz" from javascript console?

It is client-side code; whatever you drop, you drop from your
browser/session only.
Nothing affects other users.

It is a means to store data for the current user. I see this as a nice
companion for DHTML pages.

> Do pay attention to database security and user rights if and when you
> implement that sort of environment. It seems to me a very high risk.
> Unless this is for intranet or some sort of restricted user group?

Elias
Received on Tue Oct 18 03:13:56 2005