Well, that is sick. Wouldn't it be great that user can debug just his own extensions (ie. would have to enter a extension key)? Other users would not be able to open and debug the code to seek for such information. This is really a question to discuss I think. And it really bugs me that everyone can see my code I have written.
Anyway thanks for your help. On 7 pro, 00:46, Aaron Boodman <[email protected]> wrote: > On Sun, Dec 6, 2009 at 2:00 PM, redhead <[email protected]> wrote: > > Hi, > > I am trying to create my own first extension for chrome, which is > > build on Web API of some internet service. But thing is that to use > > this API it is needed a special secret hash (which I got from > > registering the service), and which is sent in url (hashed again with > > some other values by md5) to do some action on the other side. But it > > is not safe for this hash to be accessible to any person (by > > inspecting or debugging my extension) and easily make unsafe > > operations with it. Is there a way to store a secret (or private) > > information without being worried they can be exposed to 'more clever' > > users?? > > > I use this hash in javascript (obviously) like this: > > > var secretHash = 'abcdegh12345'; > > //and then constructing url > > var url = "http://example.com/?action="+md5('some_params'+secretHash); > > //and getting response by ajax call > > In the limit, it is not possible to hide anything in an extension. A > determined user could undo whatever kind of obfuscation you try to use to > hide the hash. > > It might be better to have the extension send requests to your own server > and then make the API requests from your server. > > -a -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
