如何使用greasemonkey安全地存储密码?
[英]How to safely store passwords with greasemonkey?
问题描述
I wrote a Greasemonkey script, it prompts users to store login and password to avoid the need of re-enter it again and again. 
我写了一个Greasemonkey脚本,它提示用户存储登录名和密码,以避免需要一次又一次地重新输入。
I know localStorage.setItem(); 我知道localStorage.setItem(); to store a key and a value, but the password will be stored as clear text. 存储密钥和值,但密码将以明文形式存储。 So, what is the best practice to store a password? 那么,存储密码的最佳做法是什么?
Is there any API to store it in the browser ? 是否有任何API将其存储在浏览器中? I need to be able to revert the hash (if I need to hash) because the script implement autologin on a website, and I need the clear password to do so. 我需要能够恢复哈希(如果我需要哈希),因为脚本在网站上实现自动登录,我需要清除密码才能这样做。
Thanks by advance. 谢谢你提前。
1 个解决方案
解决方案1
4 已采纳 2010-12-07 20:57:23
GreaseMonkey and JS are not the right tools for this - there are numerous problems in keeping passwords secure, some of which aren't really solvable in JS (due to its browser sandbox limits). GreaseMonkey和JS不是正确的工具 - 在保持密码安全方面存在许多问题,其中一些在JS中无法解决(由于其浏览器沙箱限制)。
You could encrypt the password(s) using AES (or some other encryption scheme) - there are AES implementations in JS . 您可以使用AES(或其他一些加密方案)加密密码 - JS中 有 AES 实现 。 However, they are slower than native code, and you'd need to enter the AES passphrase on every page where the password(s) would be needed (if you stored the passphrase somewhere, or stored some token "passphrase was valid", you're back to square one). 但是,它们比本机代码慢,并且您需要在需要密码的每个页面上输入AES密码(如果您在某处存储了密码,或者存储了一些令牌“密码有效”,您'回到原点)。
As GM is intended for extending in-page JavaScript, its options in security are very limited. 由于GM旨在扩展页内JavaScript,因此其安全选项非常有限。 If you're trying to save your web passwords securely, I'd suggest some kind of browser extension - there are numerous for existing password managers. 如果您正在尝试安全地保存您的网络密码,我建议使用某种浏览器扩展程序 - 现有密码管理器有很多。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.