Not discussed yet is that data is secured between JavaScript from a web page on Site A accessing data originally stored from a web page on Site B. This is not allowed.
Note that a web page served from <http://www.domain.com/> cannot access a database saved from a web page served from <http://domain.com/>, and vice-versa. The protocol (or scheme), hostname, and (implied) port number must all match before the database is accessible.

Dave

On Fri, 10/3/08, Brady Eidson <[EMAIL PROTECTED]> wrote:

> To expand on this point,
>
> The data you store on your user's system should be your user's data.
> It should belong to them, and therefore "security concerns" about what
> they do with it should be moot.
>
> You can, of course, encrypt the data or otherwise obfuscate it before
> storing it in the database, but that's not enough to keep them from
> poking around messing with it.
>
> First rule of computer security - all security measures are worthless
> if the attacker gains physical access to the machine.
>
> ~Brady
>
> On Oct 3, 2008, at 3:29 AM, Anthony Ricaud wrote:
>
> > Hi,
> >
> > The database storage (like cookies, localStorage and sessionStorage)
> > is stored locally. So everyone can modify it, you can't rely on it.
> > It's really easy to do so with the Database panel in the Web
> > Inspector.
> >
> > Anthony.
> >
> > On 3 Oct 08 at 02:45, Loll wrote:
> >
> >> Hi,
> >>
> >> I'm not sure if this is the right place to ask this or not, so I'm
> >> sorry in advance if it is.
> >>
> >> I am interested in the database Storage that is now available through
> >> webkit and had a few questions about it.
> >>
> >> My main point of interest is in the security of it. Right now, the
> >> website I develop uses PHP and information is stored using PHP
> >> sessions. From a server's point of view I can see a lot of advantages
> >> of storing such data locally. For one thing, it's a lot less reads and
> >> writes to the server, making it a bit faster I would expect.
> >>
> >> But how secure is the data? Is it secure enough to reliably put such
> >> info on a client's system? I'm not talking about bank data here, but I
> >> am looking at data that I would not want to be altered or viewed in
> >> its raw format all the same.
> >>
> >> Is it safe to assume that no one is going to get into it, any more
> >> than it's safe to assume that no one is going to hijack a PHP Session
> >> to gain access to the same data?
> >>
> >> Anyway I just wondered if it was a good idea to think about moving in
> >> the direction of local storage vs server storage and what level of data
> >> should be safely stored that way, vs what shouldn't be stored that
> >> way.
> >>
> >> Thanks
> >>
> >> Loll
> >> _______________________________________________
> >> webkit-dev mailing list
> >> [email protected]
> >> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
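
The origin rule from Dave's reply at the top of this thread (scheme, hostname and implied port must all match), as an added example that is not part of the original thread and is not WebKit's code. The helper names `originTuple`, `originMismatch` and `sameOrigin` and the sample URLs are constructed for illustration.

```javascript
// Added example: models the (scheme, host, port) comparison described in the thread.
// Ports implied by the scheme when the URL does not state one.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the three components that gate access to a stored database.
function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,                              // e.g. "http:"
    host: u.hostname.toLowerCase(),                  // "www.domain.com" != "domain.com"
    port: u.port || DEFAULT_PORTS[u.protocol] || "", // fill in the implied port
  };
}

// List the origin components that differ; an empty list means same origin.
function originMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ["scheme", "host", "port"].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originMismatch(a, b).length === 0;
}

// Constructed sample pairs: [page that stored the data, page trying to read it].
const samples = [
  ["http://www.domain.com/", "http://domain.com/"],          // hostname differs
  ["http://domain.com/", "http://domain.com:80/app/a.html"], // explicit vs implied port 80
  ["http://domain.com/", "https://domain.com/"],             // scheme (and implied port) differ
  ["http://domain.com/", "http://domain.com:8080/"],         // port differs
];

for (const [stored, reader] of samples) {
  const diff = originMismatch(stored, reader);
  const verdict = diff.length === 0
    ? "same origin, database accessible"
    : "blocked, " + diff.join(" and ") + " differ";
  console.log(`${stored} -> ${reader}: ${verdict}`);
}
```

The path plays no part in the comparison, so pages under different directories of one origin share the same database; this check only separates sites from each other and does nothing about the user editing their own local copy, which is the point Anthony and Brady make.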

