On Mon, Nov 08, 2010 at 12:55:22PM -0300, Alvaro Herrera wrote:
> Excerpts from Charles Pritchard's message of sáb nov 06 23:20:13 -0300 2010:
>
> > Simple async sql sub-set (the spec in trouble):
> > http://dev.w3.org/html5/webdatabase/
>
> This is insane. This spec allows the server to run arbitrary SQL
> commands on the client, AFAICT. That seems like infinite joy for
> malicious people running webservers. The more powerful the dialect of
> SQL the client implements, the more dangerous it is.
How is this different from the server asking the client to run an
infinite loop in javascript?
--
Sam http://samason.me.uk/