How can I make private files in a chrome extension?
Question
So I'm making a chrome extension and I am using an API with a quota. I have a keys.json file where I keep the key to this API, but I have discovered that all extension files are public in ~/Library/Application Support/Google/Chrome/Default/Extensions (OSX)
Is there a way I could make this file private? I was thinking of encrypting it, but what use is that if the code to decrypt it is with the extension? Should I send the encrypted key to some remote server to decrypt it? That causes unnecessary waiting. I could obfuscate it, but I think again if someone is dedicated they'll figure out what the key is. So what should I do?
1 answers
solution1
4 2016-03-24 02:29:26
You should let each installation request an API key. This way the extension neither has only one key nor has to keep that key a secret. The worst that could then happen is that some users end up sharing the same quota.
If they won't let you do it like this, their API key structure is broken. But you might be able to get around it via proxying their API which would allow you to keep the actual key on the server and grant each installation a fraction of the shared quota. With that you could implement caching beyond what the API provides to reduce the number of requests.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.