WebSQL has a same-origin security model that normally prevents a webpage from accessing another webpage's WebSQL databases. I'm curious to know how this is enforced in the Cordova context given that app developers can set the webview to use a custom scheme and hostname. So if I use myapp://secure for instance, and another dev who wants to hack my app uses the same pattern for his malicious app, will his app get access to my app's databases if both are installed on a user's device?
This is part of a larger consideration of the type of sensitive info that can be saved in SQLite using this plugin.
Thanks!