I'm sorry, but this is a physical impossibility. Many people have tried to engineer around this problem (e.g., to create DRM) without much success.
I recommend you do what Aaron says and store the secret on your server. It's quite easy to create a web service nowadays with AppEngine.

Adam

On Mon, Dec 7, 2009 at 7:02 AM, redhead <redh...@email.cz> wrote:
> Well, that is sick. Wouldn't it be great that user can debug just his
> own extensions (i.e. would have to enter an extension key)? Other users
> would not be able to open and debug the code to seek for such
> information. This is really a question to discuss I think. And it
> really bugs me that everyone can see my code I have written.
>
> Anyway thanks for your help.
>
> On Dec 7, 00:46, Aaron Boodman <a...@google.com> wrote:
>> On Sun, Dec 6, 2009 at 2:00 PM, redhead <redh...@email.cz> wrote:
>> > Hi,
>> > I am trying to create my own first extension for chrome, which is
>> > built on Web API of some internet service. But thing is that to use
>> > this API it is needed a special secret hash (which I got from
>> > registering the service), and which is sent in url (hashed again with
>> > some other values by md5) to do some action on the other side. But it
>> > is not safe for this hash to be accessible to any person (by
>> > inspecting or debugging my extension) and easily make unsafe
>> > operations with it. Is there a way to store a secret (or private)
>> > information without being worried they can be exposed to 'more clever'
>> > users??
>>
>> > I use this hash in javascript (obviously) like this:
>>
>> > var secretHash = 'abcdegh12345';
>> > //and then constructing url
>> > var url = "http://example.com/?action="+md5('some_params'+secretHash);
>> > //and getting response by ajax call
>>
>> In the limit, it is not possible to hide anything in an extension. A
>> determined user could undo whatever kind of obfuscation you try to use to
>> hide the hash.
>>
>> It might be better to have the extension send requests to your own server
>> and then make the API requests from your server.
>>
>> -a

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To post to this group, send email to chromium-extensi...@googlegroups.com.
To unsubscribe from this group, send email to chromium-extensions+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
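
The server-side approach recommended in this thread, sketched as an added example that is not part of the original messages: the extension sends only the parameters to your own server, which holds the secret, builds the `md5(params + secret)` URL from the question, and makes the API request itself. The `/api` path, the `API_SECRET` and `PROXY_PORT` variables and the allow-list entries are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const http = require('node:http');

// Assumption: the secret is provisioned on the server and never shipped in the extension.
const SECRET = process.env.API_SECRET || 'constructed-demo-secret';
const UPSTREAM = 'http://example.com/'; // API host used in the question
// Hypothetical allow-list: the proxy signs only these parameter strings, so it
// does not become a general signing service for the upstream API.
const ALLOWED_PARAMS = new Set(['list_items', 'get_status']);

// Same construction as in the question (md5 is dictated by the upstream API),
// but computed where the user cannot inspect it.
function signedUrl(params, secret = SECRET) {
  if (!ALLOWED_PARAMS.has(params)) return null;
  const token = crypto.createHash('md5').update(params + secret).digest('hex');
  return UPSTREAM + '?action=' + token;
}

// Maps an extension request such as /api?params=get_status to a decision.
function route(requestUrl) {
  const u = new URL(requestUrl, 'http://proxy.invalid');
  if (u.pathname !== '/api') return { status: 404, upstream: null };
  const upstream = signedUrl(u.searchParams.get('params') || '');
  return upstream ? { status: 200, upstream } : { status: 403, upstream: null };
}

function startProxy(port) {
  return http.createServer((req, res) => {
    const r = route(req.url);
    if (!r.upstream) { res.writeHead(r.status); return res.end(); }
    // The request is made from the server; only the response body reaches the client.
    http.get(r.upstream, (up) => {
      res.writeHead(up.statusCode || 502);
      up.pipe(res);
    }).on('error', () => { res.writeHead(502); res.end(); });
  }).listen(port, '127.0.0.1');
}

// Starts listening only when a port is configured.
if (process.env.PROXY_PORT) startProxy(Number(process.env.PROXY_PORT));
```

The extension then calls the proxy's `/api?params=...` endpoint instead of building the signed URL itself, so neither the secret nor the signed token appears in client-side code.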