Yeah, I was thinking about that. Essentially it would be a keychain with one key on it -- since this is already being done for passwords elsewhere in Chrome, I was curious if there was or would be API access for extensions.
Right now it sounds like there are 3 solutions: 1. Save the password cleartext in localStorage 2. Prompt the user every time Chrome loads, and cache for session in memory (not completely secure, but at least the cleartext is in RAM instead of hard disk) 3. Encrypt the password with another password (key) which the user enters each time Chrome loads (same effect as #2) Admittedly, a solution like OAuth is cleaner, but it's not always possible (Delicious API being an example). What are other people doing in this situation? Am I missing something? On Mon, Sep 14, 2009 at 11:07 PM, Adam Barth <[email protected]> wrote: > > You could prompt for a master password to generate the key... > > Adam > > > On Mon, Sep 14, 2009 at 7:14 PM, Nick Baum <[email protected]> wrote: > > You could encrypt the passwords using a Javascript library, but then > you'd > > have to store the key somewhere in plaintext. > > -Nick > > > > On Mon, Sep 14, 2009 at 4:43 PM, krtulmay <[email protected]> wrote: > >> > >> Paul, it looks like you want to save these cleartext passwords across > >> different Chrome sessions/restarts? > >> > >> How do you think Chrome could do it differently using "somewhere is > >> Chrome's facility" that could save and retrieve data across restarts > >> that would be different than LocalStorage or Local Database? > >> > >> On Sep 14, 12:16 pm, Paul Rosania <[email protected]> wrote: > >> > Nick, thanks for the reply! > >> > What I'm running into is the need to store passwords in cleartext for > >> > APIs > >> > that use basic authentication (over HTTPS, of course). It would be > neat > >> > if > >> > I could store these somewhere in Chrome's facility. It sounds like > this > >> > isn't (yet?) possible. > >> > > >> > I can make do for now on my machine, but I would hesitate to release > >> > something that's storing passwords cleartext in localStorage. > >> > > >> > > >> > > >> > On Mon, Sep 14, 2009 at 1:59 PM, Nick Baum <[email protected]> > >> > wrote: > >> > > Hi Paul, glad to see you're trying it out! > >> > > You can store data using HTML5 local-storage or databases. Also, if > >> > > the API > >> > > supports OAuth, you could store the tokens instead of the passwords. > >> > > >> > > -Nick > >> > > >> > > On Fri, Sep 11, 2009 at 10:23 PM, Mohamed Mansour < > >> > > [email protected]> wrote: > >> > > >> > >> Not yet! > >> > >> -- Mohamed Mansour > >> > > >> > >> On Fri, Sep 11, 2009 at 9:20 PM, Paul Rosania > >> > >> <[email protected]>wrote: > >> > > >> > >>> I've been playing with a few addon ideas that work with APIs out > >> > >>> there on > >> > >>> the Interweb. > >> > >>> It would be great if there was a sandbox where I could store > >> > >>> passwords > >> > >>> for APIs that use HTTPS+Basic Auth as security. The alternative > for > >> > >>> me so > >> > >>> far has been to prompt at boot and keep it in memory, which just > >> > >>> doesn't > >> > >>> feel quite right. (Or, gasp, keep it on disk in clear text.) > >> > > >> > >>> Maybe there is a way to do this but I couldn't figure it out! > >> > >>> Thanks for > >> > >>> any pointers. > >> > > > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en -~----------~----~----~----~------~----~------~--~---
