Re: Sécurité with local storage

Jorge Villalobos jorge at
Thu Oct 5 20:05:28 UTC 2017

For legacy add-ons, our recommendation for storing passwords or other
confidential configurations was to use the Login Manager. However, this
hasn't been exposed in the WebExtensions API (yet).

I suggest encrypting the string before storing it. They encryption key
would still be hardcoded in your add-on code, but at least the password
isn't exposed on disk.


On 10/5/17 12:33 PM, geoffreydebelie wrote:
> It is not hard to find the file. You can open your profile and navigate
> to the directory browser-extension-data where all
> files are kept. You could set read permissions on this file on your
> computer (using the filesystem capabilities) but this would not be
> secure enough for widespread usage.
> Kind regards,
> Geoffrey
> ---- On do, 05 okt 2017 20:20:19 +0200 *Alexis Krier
> <alexis.krier at>* wrote ----
>     Ok, but it should be difficult to access this file. As I have no
>     server to store a token, this is my better choice
>     _______________________________________________
>     Dev-addons mailing list
>     Dev-addons at <mailto:Dev-addons at>
> _______________________________________________
> Dev-addons mailing list
> Dev-addons at

More information about the Dev-addons mailing list