Javascript/jQuery Data Storage Method (Database)

Question

Hello!

I'm currently designing a website that would involve storing a long list of names (with no additional data) on the server and then outputting them to the client browser on request.

To store these names I obviously would need a data storage method of some sort and I was just wondering, as the entire site is coded in javascript/jquery, if there was a secure way to store these names and then output them using javascript?

I wish to avoid the PHP/MySQL route for server load reasons so I was thinking if the easiest thing to do would be to store the names in a plain text file on the server, then use AJAX to read the names and output them, but I don't know how secure that is to unauthorised changes. Please give me your thoughts on this method.

Another way would be to use the TaffyDB library, please give me your thoughts on that also.

I don't really care about unauthorised viewing of the data as they can see all of it anyway on the site, just unauthorised changes.

Thanks,

DLiKS

Answer 1

There is no secure way to store that just on the client.

Best scenario I could think of is the HTML5 storage. But that means you doom your customers to HTML5 browsers. Writing and reading textfiles from the local filesystem is a bad thing (bad bad karma) which requires lots of security tokens / browser settings.

I would really consider using serverside database storage.

Answer 2

File system access with JavaScript in the browser is not allowed - it basically violates the sandbox policy. See this previous SO post and this article.

JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the web. Browser authors contain this risk using two restrictions. First, scripts run in a sandbox in which they can only perform web-related actions, not general-purpose programming tasks like creating files.

What you're talking about doing can be done with a Silverlight app, ActiveX control (ugh!), Adobe Flash/AIR (I don't really know that platform), etc. Something with local storage that runs as essentially a plug-in to the browser.

If you don't want to go that route, then I think all you can do is store the data in a hidden value in your markup...but I wouldn't advise it. I agree with jAndy - go with serverside db storage.

Answer 3

SQLite is the one option you can consider in this case. SQLite is a light-weighted database server which does not require any overheads like startup, maintenance, etc (like you do for other RDBMS like Oracle, MySql, etc).

It works somewhat like an embedded db server in your application at server side.

Answer 4

Use CouchDB. Any information is accessible via AJAX (POST, GET..).

Answer 5

Storing the names in a text file on the server could be secure, depending on how secure your server is and how you set up permissions.

For example, with a secure linux webserver, you could set the file permissions so that only the 'root' user can write to the file, but anyone can read it. Many very important configuration files are secure just because of permissions like this in linux.

Answer 6

Check out this plugin: http://www.jstorage.info/

It has an impressive set of browser support including the IEs. It will integrate with most modern JS frameworks and can function standalone.