I'm not exactly sure what you mean. Should I store each accounts cookie and somehow switch them around when the user changes account? Creating a new cookie (reseting?) would require the user to log in again, right? I'm not very familiar with cookie handling in JavaScript so I'd love some pointers.
Thanks for you reply! On Nov 15, 11:31 pm, Aaron Boodman <[email protected]> wrote: > On Sun, Nov 15, 2009 at 1:16 PM, Anders Sahlin <[email protected]> wrote: > > I've been working on multiple account support for my Gmail extension, > > and reached the point where I need to store user information (username > > and password). What is the best way of doing this, while maintaining > > some degree of security? Is localStorage safe enough? Should I use > > some form of encryption? The tricky part is that all source code will > > be visible, and thus the encryption-keys/algorithm as well. I could > > use some sort of master-password but it would be best if user > > intervention was held to a minimum. > > I wouldn't recommend storing the password at all. Instead, you could > store the cookie and reset it when necessary to change the active > account. Rely on Gmail's "remember me" feature to keep the cookie > active. > > - a -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=.
