Comments (9)
I don't see any contraindications. I web API there is something like IndexedDB which is client-side only. Also there is localStorage API which still is client-side only and is fully usable. Client side DB could be used to cache some simple informations, not whole sensitive data.
I agree that there should be client side DB.
from mtasa-blue.
I like the idea. However, I'm not sure if SQLite is secure enough, because some statements like the ATTACH
statement allow for arbitrary filesystem access which could result in code execution (see https://resources.infosecinstitute.com/code-execution-and-privilege-escalation-databases/).
Either we'd need to investigate if it's possible to harden SQLite or do some research on alternative database systems.
from mtasa-blue.
You said that SQLite could be dangerous, but server side support sqllite, so i can already hack hosting ?
from mtasa-blue.
@CrosRoad95 Server is responsible for handling the queries, therefore it is not vulnerable the same way as you can use parametrized SQL queries. On client-side you could do anything without the end-user knowing about it.
Edit: And if you meant your hosting service, you can't quite hack your hosting service, unless they're complete idiots.
from mtasa-blue.
Predefined methods for insert, update and select could be possible or not?
Could be helpful to handle clientside settings and data.
from mtasa-blue.
Can be injected.
We need a 100% reliable way to disable/deauth certain functions and keywords.
from mtasa-blue.
he stole my idea 😂
Nah, we discussed this, and I realized that there is no real reason for c.s. db.
Maybe @CrosRoad95 or someone has some ideas where they'd use c.s. db.
from mtasa-blue.
Why dont you use a json string which you are storing in a file ? I dont really think that databases should be clientsided as they would open security vulnerables
from mtasa-blue.
If we were to work on this issue, we'd have to find a good database candidate with client security as the priority.
from mtasa-blue.
Related Issues (20)
- UTF8 Encoding of traffic HOT 3
- Some bike handling properties have no effect, but in Singleplayer they work
- onClientPlayerDamage doesn't trigger for players doing driveby
- onClientWorldSound is only cancellable for vehicles sounds HOT 2
- MySQL SSL connection error: unknown error number HOT 13
- guiCreateStaticImage unable to us dxTexture as valid image HOT 5
- New events - onElementAttach/onElementDetach HOT 2
- Adds the ability to load and play cutscene HOT 2
- engineRestreamWorld Breaks Custom Vehicle Collisions /Shadows
- Setting flag disable_backface_culling doesn't work HOT 2
- MySQL module error HOT 2
- getPedMoveState is unusable due to AC bug HOT 1
- Protected Element Data HOT 12
- After the update, the local server and map editor stopped working HOT 8
- Windows Server support base features HOT 3
- Add event for players changing position (by a significant distance) HOT 3
- Not fully correct acl.xml
- fileRead bug HOT 3
- corrupted double-linked list
- MTA error CL22 (Antivirus blocking) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mtasa-blue.