How to store encrypted data in a plugin?

M

maksam072021-11-22 07:03:10

Google Chrome

maksam07, 2021-11-22 07:03:10

Goodnight. I'm making an extension that will access my site. I want to make some kind of key so that when accessing without it, the site gives an error. Because in the browser, it seems that all the information is stored in clear text, then the key can be stolen and used through third-party scripts. How to secure the site so that only through my extension at a certain address, a response with data is given? Or is it impossible?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

N

Nikolay Savelyev, 2021-11-22
@AgentSmith

It's impossible. Everything on the client is available to everyone.
You can only complicate the decoding of the script through obfuscation, but this is not for long.

R

rPman, 2021-11-22
@rPman

Yes, if this key is an encryption key that will encrypt all critical information that is stored in the browser by the extension.
But you need to be careful, everything that works in the browser at the time the user enters the key must be trusted and not contain malicious code, and this is a web server and all downloaded scripts, on the pages of which the plugin interface will be activated (if the interface is a separate window, then this is no longer the case critical) as well as third-party extensions.
Or, the target extension must completely isolate all its interfaces, no global variables (it's not as simple as it seems) so that a malicious script on the site cannot access the code and data of the extension.
The decrypted data and the encryption key itself should not be written anywhere and should be stored only in RAM.