Hacker News new | past | comments | ask | show | jobs | submit login

really nice that you've used wasm and no server. This seems really secure to test.

I was thinking at first: Hey, this might be kinda dangerous, imagine iterating in a tool and sending my database to a server and any attacker retrieves the database.

But since it runs everything inside of the browser with wasm i found it WAY more secure. Nice that you've done it, will probably use it a lot.




Thanks! I've always liked the idea of SQL in the browser, since the Web SQL times.

That part is provided by the excellent sql.js project btw: https://github.com/sql-js/sql.js/


It would of course also increase server's potential attack layer. sqlite had some bugs, potentially exploitable, if you are able to invoke arbitrary statements

https://www.sqlite.org/cves.html https://www.sqlite.org/security.html


It can't change under you on a whim though, can't it? Unless you host it yourself.


Sure but you can always keep the network tab in the devtools open and be confident nothing is getting exfiltrated


Once you see a connection doing so, it is too late :)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: