You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
WebSQL has a same-origin security model that normally prevents a webpage from accessing another webpage's websql databases. I'm curious to know how this is enforced in the cordova context given that app developers can set the webview to use a custom scheme and hostname. So if I use myapp://secure for instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app's databases if both are installed on a user's device?
This is part of a larger consideration of the type of sensitive info that can be saved in sqlite using this plugin.
Thanks!
The text was updated successfully, but these errors were encountered:
WebSQL has a same-origin security model that normally prevents a webpage from accessing another webpage's websql databases. I'm curious to know how this is enforced in the cordova context given that app developers can set the webview to use a custom scheme and hostname. So if I use
myapp://securefor instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app's databases if both are installed on a user's device?This is part of a larger consideration of the type of sensitive info that can be saved in sqlite using this plugin.
Thanks!
The text was updated successfully, but these errors were encountered: