在Google Chrome扩展程序中存储密码 [英] Storage of passwords in Google Chrome Extension

问题描述

我开始阅读Google Chrome的文档，并且喜欢使用HTML和Javascript来创建扩展。阅读关于本地存储的本教程让我想到了许多不同的使用。

我想开发一个扩展程序来帮助我使用公司系统。这是非常具体的，它只会在公司内部使用。

这个扩展将使用javascript DOM做一些活动到这个公司系统，只需点击一下Google的Chrome工具栏。只需点击一下鼠标，扩展程序就需要在Chrome中存储密码：因此，如果您重新启动系统，则无需再次输入。

我要这样做吗？在谷歌浏览器扩展中保存密码以登录到其他系统？我不想以纯文本存储它，我想至少使用某种加密方式（也许是使用此资源的Google Chrome API）。

可能吗？如何使用Google Chrome的扩展结构坚持这些数据（最佳方式）？

使用 localStorage （或加密和存储用户密码Web SQL数据库API ）。但不是很安全。任何获得用户计算机访问权限的人都可以检索密文，从您的扩展源中提取加密算法，并确定明文密码。

再加上一些防弹解决方案：

• 用户登录到Web界面后捎带。有关示例，请参阅 Google Mail Checker 。




• 通过OAuth（或类似的授权方案）连接到服务。有关示例，请参阅 Google Wave Notifier 。

I started reading Google Chrome's documentation, and liked it's approach of using HTML and Javascript to create extensions. Reading this tutorial about Local Storage made me think about a lot of different uses.

I want to develop an extension to help me with corporate systems. It's very specific, and it's only going to be used inside a company.

This extension would do some activities to this corporate system, using javascript DOM, with just one click on Google's Chrome toolbar. To work with just one click, the extension needs to store a password in Chrome: so if you restart your system, you don't need to enter it again.

How do I do that? Persist a password in a Google Chrome extension to login to another system? I don't want to store it in "plain text", I would like to at least use some kind of encryption (maybe a Google Chrome API with this resource).

Is it possible? How do I persist this data with Google Chrome's extensions structure (best way)?

解决方案

You could encrypt and store a user’s password with localStorage (or the Web SQL Database API). But not very securely. Anyone who gained access to the user’s computer could retrieve the ciphertext, pluck the encryption algorithm out of your extension source, and determine the plaintext password.

If feasible, here are a couple more bulletproof solutions:

• Piggyback on the user logging into a web interface. For an example, see the Google Mail Checker.

• Connect to the services through OAuth (or a similar authorization scheme). For an example, see the Google Wave Notifier.

这篇关于在Google Chrome扩展程序中存储密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！