Ashot Khachatryan

Reputation: 2376

Password protected chrome extension

I made a Chrome extension which runs successfully and does the job for which it was intended. I need to make the extension password protected so that someone can use the application only with their Gmail user and password.

I have experience with Google authentication using the Google APIs client library and can implement it in my application. But in that case, all Google users can run the application. I thought about storing a file that lists all allowed users' emails. However, Chrome extensions are open to editing, so anyone who has a little experience with extension development can find and edit that file.

Are there any suggestions?

Upvotes: 0

Views: 600

Answers (1)

Madara's Ghost

Reputation: 174957

Code that runs on an extension on my machine is my code, not yours. I can control anything and everything about the execution of the extension, including altering the code on disk and reloading the extension in Chrome.

I can break any and all protections and defences you place in a pretty trivial manner. And I'm also pretty proficient with deobfuscating jumbled code, so don't think about going that way.

Keep authentication logic on the server; more generally, keep anything that needs absolute control on the server. You don't really care if I mess with your extension and see a red background instead of blue; you do care if I can access things I shouldn't.

Upvotes: 2
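The answer's advice to keep the access decision on the server, shown as an added example that is not part of the original question or answer. It assumes the server has already verified the Google ID token's signature with a maintained library and passes the resulting claims in; the client ID, the email addresses and the `handleRequest` helper are hypothetical.

```javascript
// Added example: server-side authorization for requests sent by the extension.
// Assumption: `claims` is the payload of a Google ID token whose signature the
// server has ALREADY verified. None of this code or data ships in the extension.

const EXPECTED_AUD = "EXAMPLE_CLIENT_ID.apps.googleusercontent.com"; // placeholder
const VALID_ISSUERS = new Set(["accounts.google.com", "https://accounts.google.com"]);
// Constructed allowlist; it lives only on the server, so editing the extension
// on disk cannot change it.
const ALLOWED_EMAILS = new Set(["alice@example.com", "bob@example.com"]);

// Decide whether verified claims belong to an allowed user.
function authorize(claims, nowSeconds) {
  const deny = (reason) => ({ allowed: false, reason });
  if (!claims || typeof claims !== "object") return deny("no-claims");
  if (!VALID_ISSUERS.has(claims.iss)) return deny("bad-issuer");
  // A token minted for some other application must not be accepted here.
  if (claims.aud !== EXPECTED_AUD) return deny("wrong-audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return deny("expired");
  if (claims.email_verified !== true) return deny("email-unverified");
  if (typeof claims.email !== "string") return deny("no-email");
  const email = claims.email.trim().toLowerCase();
  if (!ALLOWED_EMAILS.has(email)) return deny("not-allowlisted");
  return { allowed: true, reason: "ok", email };
}

// Hypothetical request handler: the protected result is produced only after
// the server-side check passes. The denial reason stays in server logs; the
// client only learns that the request was refused.
function handleRequest(claims, nowSeconds) {
  const decision = authorize(claims, nowSeconds);
  if (!decision.allowed) return { status: 403, body: { error: "forbidden" } };
  return { status: 200, body: { user: decision.email, data: "protected result" } };
}

// Constructed sample claims for a signed-in, allowlisted user.
const SAMPLE_CLAIMS = {
  iss: "https://accounts.google.com",
  aud: EXPECTED_AUD,
  exp: 2000000000,
  email: "Alice@Example.com",
  email_verified: true,
};
```

A user who patches the extension to skip its own login screen still gets a 403 from the server, because the allowlist and the check never leave it.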
