[webkit-dev] Database Storage
ddkilzer at webkit.org
Fri Oct 3 13:18:33 PDT 2008
Note that a web page served from <http://www.domain.com/> cannot access a database saved from a web page served from <http://domain.com/>, and vice-versa. The protocol (or scheme), hostname, and (implied) port number must all match before the database is accessible.
On Fri, 10/3/08, Brady Eidson <beidson at apple.com> wrote:
> To expand on this point,
> The data you store on your user's system should be your
> user's data.
> It should belong to them, and therefore "security
> concerns" about what
> they do with it should be moot.
> You can, of course, encrypt the data or otherwise obfuscate
> it before
> storing it in the database, but that's not enough to
> keep them from
> poking around messing with it.
> First rule of computer security - all security measures are
> if the attacker gains physical access to the machine.
> On Oct 3, 2008, at 3:29 AM, Anthony Ricaud wrote:
> > Hi,
> > The database storage (like cookies, localStorage and
> > is stored locally. So everyone can modify it, you
> can't rely on it.
> > It's really easy to do so with the Database panel
> in the Web
> > Inspector.
> > Anthony.
> > Le 3 oct. 08 à 02:45, Loll a écrit :
> >> Hi,
> >> Im not sure if this is the right place to ask this
> or not, so im
> >> sorry
> >> in advance if it is.
> >> I am interested in the database Storage that is
> now available through
> >> webkit and had a few questions about it.
> >> My main point of interest is in the security of
> it. Right now, the
> >> website I develop uses PHP and information is
> stored using PHP
> >> sessions. From a servers point of view I can see a
> lot of advantages
> >> of storing such data locally. For one thing , its
> lot less reads and
> >> writes to the server, making it a bit faster I
> would expect.
> >> But how secure is the data? is it secure enough to
> reliably put such
> >> info on a clients system? Im not talking about
> bank data here, but I
> >> am looking at data that I would not want to be
> altered or viewed in
> >> its raw format all the same.
> >> Is it safe to assume that no one is going to get
> into it , any more
> >> than its safe to assume that no one is going to
> hijack a PHP Session
> >> to gain access to the same data?
> >> Anyway I just wondered if was a good idea to think
> about moving in
> >> the
> >> direction of local storage vs server storage and
> what level of data
> >> should be safely stored that way, vs what
> shouldn't be stored that
> >> way.
> >> Thanks
> >> Loll
> >> _______________________________________________
> >> webkit-dev mailing list
> >> webkit-dev at lists.webkit.org
> > _______________________________________________
> > webkit-dev mailing list
> > webkit-dev at lists.webkit.org
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
More information about the webkit-dev