Git Product home page Git Product logo

Comments (9)

prnxdev avatar prnxdev commented on May 18, 2024 1

I don't see any contraindications. I web API there is something like IndexedDB which is client-side only. Also there is localStorage API which still is client-side only and is fully usable. Client side DB could be used to cache some simple informations, not whole sensitive data.

I agree that there should be client side DB.

from mtasa-blue.

jushar avatar jushar commented on May 18, 2024

I like the idea. However, I'm not sure if SQLite is secure enough, because some statements like the ATTACH statement allow for arbitrary filesystem access which could result in code execution (see https://resources.infosecinstitute.com/code-execution-and-privilege-escalation-databases/).

Either we'd need to investigate if it's possible to harden SQLite or do some research on alternative database systems.

from mtasa-blue.

CrosRoad95 avatar CrosRoad95 commented on May 18, 2024

You said that SQLite could be dangerous, but server side support sqllite, so i can already hack hosting ?

from mtasa-blue.

patrikjuvonen avatar patrikjuvonen commented on May 18, 2024

@CrosRoad95 Server is responsible for handling the queries, therefore it is not vulnerable the same way as you can use parametrized SQL queries. On client-side you could do anything without the end-user knowing about it.

Edit: And if you meant your hosting service, you can't quite hack your hosting service, unless they're complete idiots.

from mtasa-blue.

emre1702 avatar emre1702 commented on May 18, 2024

Predefined methods for insert, update and select could be possible or not?
Could be helpful to handle clientside settings and data.

from mtasa-blue.

patrikjuvonen avatar patrikjuvonen commented on May 18, 2024

Can be injected.

We need a 100% reliable way to disable/deauth certain functions and keywords.

from mtasa-blue.

Pirulax avatar Pirulax commented on May 18, 2024

he stole my idea 😂
Nah, we discussed this, and I realized that there is no real reason for c.s. db.
Maybe @CrosRoad95 or someone has some ideas where they'd use c.s. db.

from mtasa-blue.

avatar commented on May 18, 2024

Why dont you use a json string which you are storing in a file ? I dont really think that databases should be clientsided as they would open security vulnerables

from mtasa-blue.

patrikjuvonen avatar patrikjuvonen commented on May 18, 2024

If we were to work on this issue, we'd have to find a good database candidate with client security as the priority.

from mtasa-blue.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.