Re: W3C Specs: Web SQL

On Mon, Nov 08, 2010 at 12:55:22PM -0300, Alvaro Herrera wrote:
> Excerpts from Charles Pritchard's message of sáb nov 06 23:20:13 -0300 2010:
> 
> > Simple async sql sub-set (the spec in trouble):
> > http://dev.w3.org/html5/webdatabase/
> 
> This is insane.  This spec allows the server to run arbitrary SQL
> commands on the client, AFAICT.  That seems like infinite joy for
> malicious people running webservers.  The more powerful the dialect of
> SQL the client implements, the more dangerous it is.

How is this different from the server asking the client to run an
infinite loop in javascript?

--  Sam  http://samason.me.uk/