42 lines
1.1 KiB
Plaintext
42 lines
1.1 KiB
Plaintext
== Why is this an issue?
|
|
|
|
The Web SQL Database standard never saw the light of day. It was first formulated, then deprecated by the W3C and was only implemented in some browsers. (It is not supported in Firefox or IE.)
|
|
|
|
|
|
Further, the use of a Web SQL Database poses security concerns, since you only need its name to access such a database.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,javascript]
|
|
----
|
|
var db = window.openDatabase("myDb", "1.0", "Personal secrets stored here", 2*1024*1024); // Noncompliant
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[Top 10 2017 Category A9 - Using Components with Known Vulnerabilities]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Convert this use of a Web SQL database to another technology
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 13 Apr 2015, 06:43:08 Linda Martin wrote:
|
|
Reviewed.
|
|
|
|
endif::env-github,rspecator-view[]
|