On Mon, Nov 08, 2010 at 12:55:22PM -0300, Alvaro Herrera wrote:
> Excerpts from Charles Pritchard's message of sáb nov 06 23:20:13 -0300 2010:
>
> > Simple async sql sub-set (the spec in trouble):
> > http://dev.w3.org/html5/webdatabase/
>
> This is insane. This spec allows the server to run arbitrary SQL
> commands on the client, AFAICT. That seems like infinite joy for
> malicious people running webservers. The more powerful the dialect of
> SQL the client implements, the more dangerous it is.

How is this different from the server asking the client to run an infinite loop in javascript?

--
Sam  http://samason.me.uk/