As i'm aware that client side data should never be trusted
i'd like to ask if there is a way to verify
that guest has my browser addon installed and it is not modified by someone else.
My idea would be:
1. Store unique keys on my server that are issued
on installation
2. Saving them to addon storage
3. Check agains those keys on visit
4. Changing those keys inside of addon on time basis with addon update.
EDIT:
As @nmaier said in comment, user could get key/keypair and provide them to modified addon.
If they would provide it manually each time then i probably couldn't do much about it.
I think of blocking modified addon to automatically update itself.
So i got two questions:
1. Could modified addon sniff communication by original one (to extract the keys)?
2. Is browser data storage accessible by standalone .exe program or is data encrypted?
Asked
Active
Viewed 59 times
0
Jask
- 660
- 10
- 23
-
I don't think I understand your question entirely?! Anyway, there is no way to check the add-on you're communicating with was not modified, you can only make it harder. For example, if you server issued some kind of key/keypair, what would hinder the user and/or modified add-on to retrieve said key/keypair later? – nmaier Oct 14 '13 at 21:01
-
@nmaier i see it would be hard to do. Thank you for comment – Jask Oct 15 '13 at 11:33