Monday, February 11, 2008

Client-side SQL, Who's Idea was This?

As noted in this Mac Rumors post Apple (or the Webkit team) are following along with the HTML5 spec quite quickly. Great stuff, if you ask me.

My problem, as a developer is this: we already have to deal with the dangers, although minimal, of SQL injection. Combine SQL injection with a lack of trust for anything saved on a client machine (read: cookies, etc.) we have a nearly useless nightmare. On top of all this, there is a huge danger in storing sensitive information, which, some stupid developer is liable to do from day one, along with the certain potential for giving the wrong user's data out. The nightmares go on and on. This idea shares every known issue with using SQL databases along with every vulnerability in client-side data.

As for the usefulness of such a solution, I see it as being extremely useful. However, it won't be useful until at least Firefox has it down, if not IE8/9/∞. Even at that point, it may not be useful for most developers aside from the truly bleeding-edge (take Google as an example, which already has Google Gears). With all the risks and the likely lack of support from the browsers for a long time to come, this is one feature I won't bother taking my precious time to investigate or learn fully.

Bring on the rest of the HTML5 spec. though!

No comments: