如何安全地存储Chrome扩展程序数据? [英] How do I store Chrome extension data securely?

问题描述

Chrome扩展程序文档明确声明 storage.sync 数据未加密:不应存储机密用户信息！存储区未加密."

Chrome extension documentation explicitly states that storage.sync data is not encrypted: "Confidential user information should not be stored! The storage area isn't encrypted."

推荐的方法是:1)安全保存持久数据(即，不会因重新启动浏览器或在其他设备上登录Chrome而造成损失)2)无需将任何内容传输到我的服务器(对于我来说是不必要的，希望为用户提供完全的数据控制权

What is the recommended method to: 1) Save persistent data securely (ie, no loss from restarting browser or logging into Chrome on a different device) 2) Without transferring anything to my server (unnecessary in my case and want to give user full data control)

推荐答案

您不能-就是这样.

Google Chrome文档警告所有使用扩展名存储数据的方式都是不安全的.基本上，所有数据源都可能遭到破坏:localStorage，Cookie，WebSql，Chrome.storage.因此，您无需扩展用户就能安全地存储数据的唯一方法就是将其发送到安全服务器.您可以在纯JS中使用Ajax，XMLHttpRequest来实现它.

Google Chrome docs warns about all the ways of storing data using extensions are insecure. Basically, all the data sources may be compromised: localStorage, Cookies, WebSql, Chrome.storage. So the only way you can store data securely without extension user to be able to reach it is to send it over to secure server. You can use Ajax, XMLHttpRequest in pure JS to make it happen.

P.S.我认为Google故意限制了这种可能性.请记住，您所有的内容脚本都在孤立的世界中工作.这一切都表明Google希望确保扩展程序对用户是透明的，并且不会隐藏任何内容或对用户的体验造成损害.

P.S. I assume Google has restricted this possibility on purpose. Keep in mind, that all of your content scripts are working in isolated worlds. This is all indicates that Google wanted to make sure the extension are transparent for user and will not hide anything or bring damage to one's experience.

这篇关于如何安全地存储Chrome扩展程序数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！