You can always inject it through NPAPI or something, I guess. Na... a sniffer can tell you the information, then. Well, anything can be sniffed.
☆PhistucK On Mon, Dec 7, 2009 at 17:02, redhead <redh...@email.cz> wrote: > Well, that is sick. Wouldn't it be great that user can debug just his > own extensions (ie. would have to enter a extension key)? Other users > would not be able to open and debug the code to seek for such > information. This is really a question to discuss I think. And it > really bugs me that everyone can see my code I have written. > > Anyway thanks for your help. > > On 7 pro, 00:46, Aaron Boodman <a...@google.com> wrote: > > On Sun, Dec 6, 2009 at 2:00 PM, redhead <redh...@email.cz> wrote: > > > Hi, > > > I am trying to create my own first extension for chrome, which is > > > build on Web API of some internet service. But thing is that to use > > > this API it is needed a special secret hash (which I got from > > > registering the service), and which is sent in url (hashed again with > > > some other values by md5) to do some action on the other side. But it > > > is not safe for this hash to be accessible to any person (by > > > inspecting or debugging my extension) and easily make unsafe > > > operations with it. Is there a way to store a secret (or private) > > > information without being worried they can be exposed to 'more clever' > > > users?? > > > > > I use this hash in javascript (obviously) like this: > > > > > var secretHash = 'abcdegh12345'; > > > //and then constructing url > > > var url = "http://example.com/?action="+md5('some_params'+secretHash); > > > //and getting response by ajax call > > > > In the limit, it is not possible to hide anything in an extension. A > > determined user could undo whatever kind of obfuscation you try to use to > > hide the hash. > > > > It might be better to have the extension send requests to your own server > > and then make the API requests from your server. > > > > -a > > -- > > You received this message because you are subscribed to the Google Groups > "Chromium-extensions" group. > To post to this group, send email to chromium-extensi...@googlegroups.com. > To unsubscribe from this group, send email to > chromium-extensions+unsubscr...@googlegroups.com<chromium-extensions%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/chromium-extensions?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to chromium-extensi...@googlegroups.com. To unsubscribe from this group, send email to chromium-extensions+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
