在 Google Chrome 扩展程序中存储密码 [英] Storage of passwords in Google Chrome Extension
问题描述
我开始阅读 Google Chrome 的文档,并喜欢它使用 HTML 和 Javascript 创建扩展的方法.阅读关于本地存储的本教程让我想到了很多不同的用途.
I started reading Google Chrome's documentation, and liked it's approach of using HTML and Javascript to create extensions. Reading this tutorial about Local Storage made me think about a lot of different uses.
我想开发一个扩展程序来帮助我处理公司系统.它非常具体,而且只会在公司内部使用.
I want to develop an extension to help me with corporate systems. It's very specific, and it's only going to be used inside a company.
此扩展程序将使用 javascript DOM 对该公司系统执行一些活动,只需单击 Google 的 Chrome 工具栏.要一键工作,扩展程序需要在 Chrome 中存储密码:因此,如果您重新启动系统,则无需再次输入.
This extension would do some activities to this corporate system, using javascript DOM, with just one click on Google's Chrome toolbar. To work with just one click, the extension needs to store a password in Chrome: so if you restart your system, you don't need to enter it again.
我该怎么做?在 Google Chrome 扩展程序中保留密码以登录另一个系统?我不想将其存储为纯文本",我想至少使用某种加密(可能是带有此资源的 Google Chrome API).
How do I do that? Persist a password in a Google Chrome extension to login to another system? I don't want to store it in "plain text", I would like to at least use some kind of encryption (maybe a Google Chrome API with this resource).
有可能吗?如何使用 Google Chrome 的扩展结构保存这些数据(最佳方式)?
Is it possible? How do I persist this data with Google Chrome's extensions structure (best way)?
推荐答案
您可以使用 localStorage(或 Web SQL 数据库 API).但不是很安全.任何能够访问用户计算机的人都可以检索密文,从您的扩展源中提取加密算法,并确定明文密码.
You could encrypt and store a user’s password with localStorage (or the Web SQL Database API). But not very securely. Anyone who gained access to the user’s computer could retrieve the ciphertext, pluck the encryption algorithm out of your extension source, and determine the plaintext password.
如果可行,这里有几个更安全的解决方案:
If feasible, here are a couple more bulletproof solutions:
搭载用户登录网络界面.例如,请参阅 谷歌邮件检查器.
通过 OAuth(或类似的授权方案)连接到服务.例如,请参阅 Google Wave 通知器.
Connect to the services through OAuth (or a similar authorization scheme). For an example, see the Google Wave Notifier.
这篇关于在 Google Chrome 扩展程序中存储密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
