On Sun, Dec 6, 2009 at 2:00 PM, redhead <redh...@email.cz> wrote: > Hi, > I am trying to create my own first extension for chrome, which is > build on Web API of some internet service. But thing is that to use > this API it is needed a special secret hash (which I got from > registering the service), and which is sent in url (hashed again with > some other values by md5) to do some action on the other side. But it > is not safe for this hash to be accessible to any person (by > inspecting or debugging my extension) and easily make unsafe > operations with it. Is there a way to store a secret (or private) > information without being worried they can be exposed to 'more clever' > users?? > > I use this hash in javascript (obviously) like this: > > var secretHash = 'abcdegh12345'; > //and then constructing url > var url = "http://example.com/?action="+md5('some_params'+secretHash); > //and getting response by ajax call >
In the limit, it is not possible to hide anything in an extension. A determined user could undo whatever kind of obfuscation you try to use to hide the hash. It might be better to have the extension send requests to your own server and then make the API requests from your server. -a -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to chromium-extensi...@googlegroups.com. To unsubscribe from this group, send email to chromium-extensions+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
