HTML 5 Database Storage


Joseph A Holsten

Aug 10, 2009, 11:57:08 PM
to tulsaw...@googlegroups.com
Status: 410 Gone.

The SQL Database storage that used to be in HTML 5 has been removed,
both from the HTML 5 spec and from the Web Storage spec that had been
defining it. It is still present in the current Working Draft of the
Web Storage spec from April 23rd:
http://www.w3.org/TR/webstorage/#sql
http://www.w3.org/TR/2009/WD-webstorage-20090423/#sql
But as you can see for yourself, it's gone in the current Editor's
Draft:
http://dev.w3.org/html5/webstorage/#sql

Which is not to say ol Hixie hasn't been known to change his mind
before. But until the vulnerabilities in this are well considered, I
wouldn't count on SQL coming back:
http://trivero.secdiscover.com/html5whitepaper.pdf


Also, I forgot to mention the related issue of offline mode for HTML 5
docs. Seems like you'll get almost everything you could want with a
cache manifest:
http://www.whatwg.org/specs/web-apps/current-work/multipage/offline.html

Joseph Holsten

Rod Knowlton

Aug 11, 2009, 1:09:18 AM
to tulsaw...@googlegroups.com
It's late, and the print's pretty small on my iPhone, but that
whitepaper doesn't seem to say anything beyond "things that were
already insecure have further security implications with regard to
HTML 5 client side storage".

Was there any issue described that didn't require a vulnerability
that's not actually part of HTML5 Storage such as XSS, SQL injection,
or a compromised host?


On Aug 10, 2009, at 22:57, Joseph A Holsten <jos...@josephholsten.com>
wrote:

John Hornbeck

Aug 11, 2009, 1:14:31 AM
to tulsaw...@googlegroups.com
sql in html5 was just a bad idea. Each browser having to build to spec their own sql engines? I know some talked about sqlite but would they all really do that? Meh, key/value is the way to go
--
John Hornbeck
Support Manager
Engine Yard
http://engineyard.com

“Work hard to find something that fascinates you.” - Richard Feynman

Rod Knowlton

Aug 11, 2009, 7:29:02 AM
to tulsaw...@googlegroups.com
Are you saying providing a local data store so web apps can work offline is a bad idea?

Because key/value is only the way to go for key/value data. Gmail's new iPhone/Android interface couldn't possibly work without a relational database.

And yes, they really would all use sqlite3. They'd be insane not to. It's fast, small, public domain, supports transactions, has no external dependencies beyond C library functions and is already available for Win, OS X, and Linux. All the browsers need to build to spec is the bridge from JavaScript to sqlite3.

John Hornbeck

Aug 11, 2009, 10:21:15 AM
to tulsaw...@googlegroups.com
On Tue, Aug 11, 2009 at 4:29 AM, Rod Knowlton <rod.kn...@gmail.com> wrote:
> Are you saying providing a local data store so web apps can work offline is a bad idea?

I think providing a nosql local store is a good idea.

> Because key/value is only the way to go for key/value data. Gmail's new iPhone/Android interface couldn't possibly work without a relational database.
>
> And yes, they really would all use sqlite3. They'd be insane not to. It's fast, small, public domain, supports transactions, has no external dependencies beyond C library functions and is already available for Win, OS X, and Linux. All the browsers need to build to spec is the bridge from JavaScript to sqlite3.

I think everyone expects sqlite3 but all you have to do is look at the js engines and css support per browser to realize they don't always do what you would expect to be the common sense thing.

Rod Knowlton

Aug 11, 2009, 10:57:06 AM
to tulsaw...@googlegroups.com
On Tue, Aug 11, 2009 at 09:21, John Hornbeck <horn...@gmail.com> wrote:

> I think providing a nosql local store is a good idea.

Are you talking about this nosql, which requires a POSIX shell and a handful of UNIX utility programs?

John Hornbeck

Aug 11, 2009, 11:02:36 AM
to tulsaw...@googlegroups.com
No, I'm talking about the nosql community that has popped up recently that is key/value stores, schemaless db's, non-relational data stores, etc. 

 


Brad V. aka iBspoof

Aug 11, 2009, 11:39:04 AM
to TulsaWebDevs User Group
The W3C and all of the people involved with HTML5 pretty much just
made sure that Google Gears is
a) used by everyone wanting offline local storage
b) that Google will be one of the big players or right now the ONLY
provider of such features.

Nothing like a monopoly being created because smart people can't
agree.


On Aug 11, 10:02 am, John Hornbeck <hornb...@gmail.com> wrote:
> On Tue, Aug 11, 2009 at 7:57 AM, Rod Knowlton <rod.knowl...@gmail.com> wrote:
>
>
>
> > On Tue, Aug 11, 2009 at 09:21, John Hornbeck <hornb...@gmail.com> wrote:
>
> >> I think providing a nosql local store is a good idea.
>
> > Are you talking about this nosql <http://www.linux.it/~carlos/nosql/>,
> > which requires a POSIX shell and a handful of UNIX utility programs?
>
> No, I'm talking about the nosql community that has popped up recently that
> is key/value stores, schemaless db's, non-relational data stores, etc.
>
>
>
> --
> John Hornbeck
> Support Manager
> Engine Yard http://engineyard.com

Rod Knowlton

Aug 11, 2009, 11:53:29 AM
to tulsaw...@googlegroups.com
Safari 4 and Mobile Safari 4 implement Web Database using sqlite3, and someone on the Gmail team has already written a common API to abstract away the differences between Gears and Apple's implementation: http://google-code-updates.blogspot.com/2009/05/gmail-for-mobile-html5-series-common.html

Note: That article redirects after loading to the blog home page for me, in a couple of browsers. I don't know if that's a proxy problem here at Initech or something borked at blogspot.