Re: Sécurité with local storage

Jorge Villalobos jorge at mozilla.com
Thu Oct 5 20:05:28 UTC 2017


For legacy add-ons, our recommendation for storing passwords or other
confidential configurations was to use the Login Manager. However, this
hasn't been exposed in the WebExtensions API (yet).

I suggest encrypting the string before storing it. They encryption key
would still be hardcoded in your add-on code, but at least the password
isn't exposed on disk.

Jorge

On 10/5/17 12:33 PM, geoffreydebelie wrote:
> It is not hard to find the file. You can open your profile and navigate
> to the directory browser-extension-data where all browser.storage.local
> files are kept. You could set read permissions on this file on your
> computer (using the filesystem capabilities) but this would not be
> secure enough for widespread usage.
> 
> Kind regards,
> Geoffrey
> 
> 
> ---- On do, 05 okt 2017 20:20:19 +0200 *Alexis Krier
> <alexis.krier at toujours.top>* wrote ----
> 
>     Ok, but it should be difficult to access this file. As I have no
>     server to store a token, this is my better choice
>     _______________________________________________
>     Dev-addons mailing list
>     Dev-addons at mozilla.org <mailto:Dev-addons at mozilla.org>
>     https://mail.mozilla.org/listinfo/dev-addons
> 
> 
> 
> 
> _______________________________________________
> Dev-addons mailing list
> Dev-addons at mozilla.org
> https://mail.mozilla.org/listinfo/dev-addons
> 


More information about the Dev-addons mailing list