Re: W3C Specs: Web SQL
| От | Kevin Grittner |
|---|---|
| Тема | Re: W3C Specs: Web SQL |
| Дата | |
| Msg-id | 4CD8EE310200002500037425@gw.wicourts.gov обсуждение исходный текст |
| Ответ на | W3C Specs: Web SQL (Charles Pritchard <chuck@jumis.com>) |
| Список | pgsql-hackers |
Alvaro Herrera wrote: > Excerpts from Charles Pritchard's message: >> I don't believe the webmaster is granted free rein: >> Disk quotas are enforced, data is separated per origin, >> hanging processes are up to the implementer, and postgres has >> plenty of settings for that. > > The day a privilege escalation is found and some webserver runs > "pg_read_file()" on your browser, will be a sad one indeed. Personally, I feel somewhat more safe about trusting PostgreSQL on this than JavaScript, Java applets, a Flash plug-in, and cookies -- all of which are enabled in my browser. Sure, I occasionally hit an ill-behaved page and need to xkill my browser. I don't visit that site again. And it really doesn't happen to me very often. Can you can make a case that this proposal is more dangerous than having all the above enabled? -Kevin
В списке pgsql-hackers по дате отправления: