Answer the question
In order to leave comments, you need to log in
How to store encrypted data in a plugin?
Goodnight. I'm making an extension that will access my site. I want to make some kind of key so that when accessing without it, the site gives an error. Because in the browser, it seems that all the information is stored in clear text, then the key can be stolen and used through third-party scripts. How to secure the site so that only through my extension at a certain address, a response with data is given? Or is it impossible?
Answer the question
In order to leave comments, you need to log in
It's impossible. Everything on the client is available to everyone.
You can only complicate the decoding of the script through obfuscation, but this is not for long.
Yes, if this key is an encryption key that will encrypt all critical information that is stored in the browser by the extension.
But you need to be careful, everything that works in the browser at the time the user enters the key must be trusted and not contain malicious code, and this is a web server and all downloaded scripts, on the pages of which the plugin interface will be activated (if the interface is a separate window, then this is no longer the case critical) as well as third-party extensions.
Or, the target extension must completely isolate all its interfaces, no global variables (it's not as simple as it seems) so that a malicious script on the site cannot access the code and data of the extension.
The decrypted data and the encryption key itself should not be written anywhere and should be stored only in RAM.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question