How safe is BOL technique?

Question

Hi Dan,I have been reading the BOL technique and it appears it is built on the concept of probably hacking, for the lack of a better word "vulnerability" or open patch within quickbase. Is that true ? If so, do you think that technique will be around for long ?&nbsp;I know the alternate is the SW technique. The only issue i see with that technique is that it prompts the user for participation and hence we are at their mercy.&nbsp;Given the issue with the user having to opt in for SW, i was looking for an alternate way to have branding change done across the application and the only one that seems to come close is the BOL. But i am worried on the logevity of the solutions.&nbsp;What are your thoughts on the subject ?&nbsp;Thanks!!

_anomdiebolt_ · Answer

BOL is a hack that only an administrator can implement so you can consider it safe from a security viewpoint. But if you don't trust your administrator there are many other more direct ways the administrator could mess with your application and data without implementing BOL.The one benefit BOL has over other injection techniques is that once implemented it applies to the whole application. IOL only applies to the table it is implemented on and SW applies to either the entire account or an individual&nbsp;dbid. depending on how the scope is set when registered.My guess is that eventually QuickBase will probably support some way of supporting user supplied JavaScript and we will not need to rely on hacks that only an administrator can implement.Any of these techniques&nbsp; (IOL, BOL and variats) could break overnight if some code a QuickBase developer checked changed something. I think the word is that they are not going to make a breaking change. Service Workers probably can't be blocked by QuickBase &nbsp;in the current architecture because the browsers don't yet support the relevant header (this is bleeding edge stuff) .Content Security Policyhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-srcThere is a big opportunity for QuickBase to support Service Workers through CloudFlareWorkers..The bottom line is that I would encourage you and everyone else to engaged in a healthy dialog with QuickBase over your needs the technical features that are available. I think they are receptive.

_anomdiebolt_ · Answer

&gt;The only issue i see with that technique is that it prompts the user for participation and hence we are at their mercy.&nbsp;BTW this is not true. I coded some scripts to ask the user for permission only to provide visibility that I was using a&nbsp;Service Worker. Normally a website would never ask for permission. I guarantee you that&nbsp; there are Service Workers registered on your computer from sites you visited. Surprise yourself and see what Service Workers your machine has acquired due to casual browing:chrome://serviceworker-internals/I have a dozen Service Workers registered on a machine I reformatted last night.

joshuatate · Answer

Yer i dont tell my users, they just have it register and update based on conditions i set.&nbsp;

justintorrence · Answer

You should use your votes in Quick Base Product Feedback&nbsp;to let them know that is a change you want.

Forum Discussion

How safe is BOL technique?

Related Content

IOL Technique

EOTI. But Make it Safe!

Alternatives to common JavaScript Insertion techniques: information and resources

scooby do technique

Field Background Color without IOL Technique