Comments on: Google Gears DB Abstractions

By: easyleft

easyleft — Thu, 04 Oct 2007 07:06:07 +0000

This is just “Make Available Offline” for ‘web apps’. You used to be able to just save all the HTML & links from a site and navigate the site offline. Now, most web pages serve content to you that is independent of what other users see on the very same URL. You, the user, can’t keep any of that, not even a cache. So if you pull the cable, you’re hooped. What if you are typing an email in Webmail, your dsl/wireless/dialu-up flakes out 1 second before hitting “Save Draft” ? Your totally screwed even after restarting your connection.

Some will want gears, some won’t. It should make a lot of sense for many very large, custom content sites. Obviously, not all sites should even consider it right away.

By: Rodrigo

Rodrigo — Mon, 04 Jun 2007 20:33:18 +0000

Since the database is stored into the user computer,if he deletes the data or do anything else with it , he will be deleting his data only, not having any effect in any other users. So the “bad” user will be really be ruining himself…

By: uriel katz

uriel katz — Mon, 04 Jun 2007 13:56:28 +0000

about code security,you always can manipulate a ajax application to do bad things,there should be also a server-side validation like in everything else.

By: stu

stu — Mon, 04 Jun 2007 13:46:50 +0000

Or….you could just do it all online. Am I the only one who’s not seeing the purpose?

By: Shawn Lauriat

Shawn Lauriat — Mon, 04 Jun 2007 13:36:58 +0000

I took a quick peak at the source and it looks like the SQL only goes as far as the Google Gears Database Module, instead of anything server-side. That said, this bit of the description cracks me up, considering the scripts all exist in cleartext in the control of the user's browser:

SQL statements passed to execute() can and should use bind parameters (?) to prevent SQL injection attacks.

By: Anders Mattson

Anders Mattson — Mon, 04 Jun 2007 12:05:48 +0000

I’m more concerned about solving multi-user issues when it comes to offline database content. If it’s only one user manipulating the data in the database, fine. If there’s lots of people accessing the same data and manipulating it, they’re going to have a great time reviewing all changes that collide.

For me, the point of a web application is that multiple people see the same data wherever they are, knowing that the data is up to date.
And I must agree with Jojo – javascript db queries? Either it’s not secure at all, or the programmers have to be really sure that the users can’t send the wrong queries to the server.

By: Jojo

Jojo — Mon, 04 Jun 2007 11:37:12 +0000

Am I the only one worried about security? What would stop an evil guy from doing SELECT * FROM users or even worse DELETE FROM xxxx? Most of the server side frameworks, even PHP frameworks, have tried so hard to give us programmers nice tools to circumvent these kinds of problems. Problems which arise from an untrustworthy client sending some manipulated query. And now SQL shall be done client side? What a piece of unpracticable crap.

By: Nick

Nick — Mon, 04 Jun 2007 11:33:32 +0000

Hi!

Could you explain about db login data? Where this sould be stored?

Thanks.

By: Dan

Dan — Mon, 04 Jun 2007 09:53:57 +0000

Hi, it's cool. GearsSQL, is a good port from php ezSQL class. The documentation is in Spanish but it's so good.

By: web design firenze

web design firenze — Mon, 04 Jun 2007 09:15:58 +0000

I don’t really know if this is the right way to go, I know that this is the future, but we worked a lot on kickass opeating system features and we force ourself using clunky html – javascript – css while there is so much better on the desktop side of our computers.

By: uriel katz

uriel katz — Mon, 04 Jun 2007 08:52:47 +0000

as much is i like JavaScript,i would prefer Python more than JavaScript ;)
as of using the Server-Side as a proxy,that is how most Web Applications work,the server side is a proxy to the database and to a businesses logic.

By: Peter Svensson

Peter Svensson — Mon, 04 Jun 2007 08:35:55 +0000

Hmm. Maybe if we pose the question the other way around; Given the extreme ease and power of javascript, why would we ever again want to write any server-side code whatsoever, if valid alternatives exists here were the action is.

I hope that the future brings us static and minimalistic server-side “middleware” which only implement what absolutely cannot be implemented on the client (security, proxying and storage aggregation, for instance), leaving us with only the good times in life :)

psvensson at gmail dot com

By: uriel katz

uriel katz — Mon, 04 Jun 2007 08:32:56 +0000

think of a world that doesn`t have the bad “next,next,next”,no package managers,you just type a url and start working,no more bullshit,no more version update,just stuff that work.
that is the promise of Web applications that work also offline.

now these abstractions are just to make the developer life eaiser :)

By: stu

stu — Mon, 04 Jun 2007 08:15:20 +0000

This is genuinely impressive stuff guys…
But will someone please explain, why?
I really want to be convinced that offline apps are big and cool and important, but will I ever need to use one?

By: uriel katz

uriel katz — Mon, 04 Jun 2007 06:53:40 +0000

thanks for posting about my work :).
i read your code,and i most say i am really impressed.
now that i see there is interest,i am doing a rewrite to support relations,cascading and etc.