Chromium Embedded Framework Forum

Forum for support and discussion of the Chromium Embedded Framework (CEF)
Visit the CEF Project Site to download CEF and report issues.

Skip to content

Implement Key/Password store

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.
Forum rules
Post a reply

Implement Key/Password store

Postby koudis » Sat Sep 22, 2018 4:33 am

Hello all,

I want to implement password store for my CEF application.
Requirements:
    - must be multiplatform
    - must be (quite) secure
    - must use native key store on given platform to store passwords (standard Keystore on Mac OS, keyvalut on Windows, ...)

I found that there are two options I can implement Password store
    a) Implement JS API (for acces to keystore) and write frontend in JS/HTML
    b) write Chromium extension for CEF

a) It's not complicated but I am not sure if it's secure enougth. The problem is that JS API will be available for whole App which loaded into browser etc..
Is there any option to restrict my JS API visiblity/access? For example - can I say "that api is available only on this internal URL"? (or somethins simillar).
How can I ensure that no one except explicitly specified can access to my JS resources?

b) Is this more secure than a)? (I gues yes - context is more isolated etc.)

Are there any other options?


Thanks for advice
John
koudis
Techie
 
Posts: 21
Joined: Fri Jul 07, 2017 4:30 am
Top

Re: Implement Key/Password store

Postby Czarek » Sun Sep 23, 2018 10:35 am

You can inject custom JS code on selected pages using CefLoadHandler::OnLoadStart callback.
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am
Top
Post a reply

Return to Support Forum

Who is online

Users browsing this forum: No registered users and 46 guests

Powered by phpBB® Forum Software © phpBB Group