[webkit-dev] Database Storage

Brady Eidson beidson at apple.com
Fri Oct 3 11:58:33 PDT 2008


To expand on this point,

The data you store on your user's system should be your user's data.   
It should belong to them, and therefore "security concerns" about what  
they do with it should be moot.

You can, of course, encrypt the data or otherwise obfuscate it before  
storing it in the database, but that's not enough to keep them from  
poking around messing with it.

First rule of computer security - all security measures are worthless  
if the attacker gains physical access to the machine.

~Brady

On Oct 3, 2008, at 3:29 AM, Anthony Ricaud wrote:

> Hi,
>
> The database storage (like cookies, localStorage and sessionStorage)
> is stored locally. So everyone can modify it, you can't rely on it.
> It's really easy to do so with the Database panel in the Web Inspector.
>
> Anthony.
>
> On Oct 3, 2008, at 02:45, Loll wrote:
>
>> Hi,
>>
>> I'm not sure if this is the right place to ask this or not, so I'm sorry
>> in advance if it is.
>>
>> I am interested in the database Storage that is now available through
>> webkit and had a few questions about it.
>>
>> My main point of interest is in the security of it. Right now, the
>> website I develop uses PHP and information is stored using PHP
>> sessions. From a server's point of view I can see a lot of advantages
>> of storing such data locally. For one thing, it's a lot less reads and
>> writes to the server, making it a bit faster I would expect.
>>
>> But how secure is the data? Is it secure enough to reliably put such
>> info on a client's system? I'm not talking about bank data here, but I
>> am looking at data that I would not want to be altered or viewed in
>> its raw format all the same.
>>
>> Is it safe to assume that no one is going to get into it, any more
>> than it's safe to assume that no one is going to hijack a PHP Session
>> to gain access to the same data?
>>
>> Anyway I just wondered if it was a good idea to think about moving in the
>> direction of local storage vs server storage and what level of data
>> should be safely stored that way, vs what shouldn't be stored that
>> way.
>>
>> Thanks
>>
>> Loll
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
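
Added example, not part of the original thread: since anything in the client-side database can be edited by the user, a server that takes such data back can at least detect edits by attaching an HMAC computed with a key that never leaves the server. The function names, the sample user ids and the record layout are assumptions made for this sketch (Node.js, standard `crypto` module).

```javascript
// Added example: server-side integrity check for data kept in client storage.
const crypto = require("crypto");

// Assumption: this key exists only on the server and is never sent to the browser.
const SERVER_KEY = crypto.randomBytes(32);

// Server: wrap a value for storage on the client, bound to one user and an expiry.
function seal(userId, value, ttlMs, now = Date.now()) {
  const payload = JSON.stringify({ userId, value, exp: now + ttlMs });
  const tag = crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("hex");
  return { payload, tag }; // payload stays readable: this is integrity, not secrecy
}

// Server: accept a record coming back from the client only if it verifies.
function unseal(record, userId, now = Date.now()) {
  if (!record || typeof record.payload !== "string" || typeof record.tag !== "string") {
    return null;
  }
  const expected = crypto.createHmac("sha256", SERVER_KEY).update(record.payload).digest();
  const given = Buffer.from(record.tag, "hex");
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null; // payload or tag was modified on the client
  }
  const data = JSON.parse(record.payload);
  if (data.userId !== userId || data.exp < now) return null; // wrong user or expired
  return data.value;
}

// Constructed sample: the kind of edit a user can make in the Database panel.
function demo() {
  const t0 = 1000000;
  const stored = seal("user-1", { credits: 10 }, 60000, t0);
  const edited = { payload: stored.payload.replace("10", "9999"), tag: stored.tag };
  return {
    untouched: unseal(stored, "user-1", t0 + 1),
    edited: unseal(edited, "user-1", t0 + 1),
    otherUser: unseal(stored, "user-2", t0 + 1),
    expired: unseal(stored, "user-1", t0 + 60001),
  };
}
```

The tag does not hide the data from the user, and an older record that was validly sealed still verifies until its expiry, so values that must not be rolled back belong on the server.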
