I'm not sure what the functions are. These look familiar but I've never used any so I don't know for sure. Bookmark Synchronizer (https://addons.mozilla.org/extensions/moreinfo.php?id=14) uses the password manager, for example. Another extension is GMail Notifier.
It's very simple, actually. The master password prompt appears whenever the first request to password manager is executed. If the user enters a correct master password, the string returned is the password; if it's incorrect, the user is prompted again, and if cancelled, an empty string is returned. If password was entered properly, the user will not be prompted again until they restart the browser. The password is only prompted if the user specified a master password. If not, user is not prompted for one. It should be the case that no other extension should be able to access passwords saved by yours, but I haven't read up on that so don't take my word for it. On 2/7/06, Eric H. Jung <[EMAIL PROTECTED]> wrote: > >if the data is so sensitive, why not just use the built-in > >password manager? many extensions do that already. > > I assume you mean nsISecretDecoderRing.encryptString() and > nsISecretDecoderRing.decryptString() or nsIPasswordManager.addUser()? > > I'm not using them for the simple reason that it's not clear to me > when/if/how the user is prompted to enter a master password when my > extension uses these functions. I do not want the user to have to enter > a password. > > > --- Konstantin Svist <[EMAIL PROTECTED]> wrote: > > > writing 'delete foo' ensures that the reference is broken and that > > variable is no longer defined. 'foo = null' removes the reference too > > but the variable is still defined. > > > > the memory is probably not cleared immediately - what's the point? > > I don't think there's any way in JS to get uninitialized value. > > > > for instance, if you do > > var x; > > alert(x); > > it simply says undefined > > > > what you need to worry about is multiple references and copies > > > > > > if the data is so sensitive, why not just use the built-in password > > manager? many extensions do that already. > > > > > > On 2/7/06, Rod Whiteley <[EMAIL PROTECTED]> wrote: > > > Eric H. Jung wrote: > > > > I suppose that question can be answered by someone who knows > > whether or > > > > not properties of a variable are deleted when the variable itself > > is > > > > deleted. Anyone? > > > > > > Of course they are, but even that's not the whole point. Suppose > > your > > > code executes: > > > > > > foo = "sensitive data" > > > > > > and later it executes: > > > > > > foo = null > > > > > > The string "sensitive data" is probably still in memory*, even > > though > > > the memory is available for reuse and might be overwritten later. > > Writing: > > > > > > delete foo > > > > > > is no help. That only affects memory used by the property itself. > > > > > > * And that's my question: is unused memory cleared immediately, or > > > cleared later by the garbage collector, or (most likely) not > > cleared at > > > all until something else happens to overwrite it? > > > > > > -- > > > Rod Whiteley > > > _______________________________________________ > > > Project_owners mailing list > > > [email protected] > > > http://mozdev.org/mailman/listinfo/project_owners > > > > > _______________________________________________ > > Project_owners mailing list > > [email protected] > > http://mozdev.org/mailman/listinfo/project_owners > > > > _______________________________________________ > Project_owners mailing list > [email protected] > http://mozdev.org/mailman/listinfo/project_owners > _______________________________________________ Project_owners mailing list [email protected] http://mozdev.org/mailman/listinfo/project_owners
