0

I'm aware of the following ..

  • Saving them using Storage api is not secure, since they are openly accessible on disk
  • Could encrypt them before saving to Storage, but decrypt mechanism is well known
  • Credentials are only secure if laptop is powered off :)

I need the username and password since I make a login request to my web service inside my background.js script once loaded:

xmlhttp.setRequestHeader('Authorization', 'Basic ' + btoa(username + ':' + password));

Would the most secure method be, provide a UI which does not persist the credentials?

When form submitted I make the login request using provided username and password. So every-time browser is loaded, user would be required to re-enter the credentials

bobbyrne01
  • 6,295
  • 19
  • 80
  • 150
  • 1
    Possible duplicate of [Chrome extension login best practices](http://stackoverflow.com/questions/7217137/chrome-extension-login-best-practices) – Haibara Ai Dec 22 '16 at 23:06
  • There's an experimental API to the browser's saved passwords: https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API. But until that becomes more mature, you'd probably want to prompt the user for their username and password, just like most websites do. – Barmar Dec 22 '16 at 23:29

0 Answers0