Chrome Pass
8 views
Skip to first unread message
Brock Angelo
Jul 29, 2011, 4:13:18 PM7/29/11
to chi-html5-hackathon
After reading about the local storage options in HTML5, I got to thinking about an HTML5 version of KeyPass (a pretty basic password manager). The functionality would be very basic, but you could allow the user to store passwords using your HTML5 site, it would remain in persistent storage, and there is the possibility of setting it up later with AppEngine to allow users to sync from computer to computer.
Sure, there are hundreds of password managers out there, but this might be a good learning project. Not sure if HTML5 has options for encrypting items in storage, or how this would differ from the built-in password manager in Chrome/Firefox, but who cares, really. Its a project I could use.
Sure, there are hundreds of password managers out there, but this might be a good learning project. Not sure if HTML5 has options for encrypting items in storage, or how this would differ from the built-in password manager in Chrome/Firefox, but who cares, really. Its a project I could use.
Raphael
Jul 29, 2011, 4:16:16 PM7/29/11
to chi-html5...@googlegroups.com
Haha! Hey, well if it's something you could use, then so can someone else! The only issue would be security of the persistent storage and how browsers are handling it now, and how different or more efficient would you handle securely storing the passwords. Am I off on that?
Brock Angelo
Jul 29, 2011, 4:26:46 PM7/29/11
to chi-html5...@googlegroups.com
You're probably right Raphael. I would think that the main concern there is knowing (and really understanding) that a user cannot access it through a script. For example, you come to my site and my site knows to look in your browser for com.chromepass.storage.chasebank_password.
pying
Jul 31, 2011, 12:11:26 PM7/31/11
to CHI-HTML5-Hackathon
Na, local storage is tied to the domain. Might be able to do some
crazy iFrame or xss but not if you code it well. Also, I think client
side encryption is kind of sketch.
You could just build the key vault online? I don't see the benefits
of having an offline key store for online web apps haha.
On Jul 29, 1:26 pm, Brock Angelo <brockang...@gmail.com> wrote:
> You're probably right Raphael. I would think that the main concern there is
> knowing (and really understanding) that a user cannot access it through a
> script. For example, you come to my site and my site knows to look in your
> browser for com.chromepass.storage.chasebank_password.
>
>
>
>
>
>
>
> On Fri, Jul 29, 2011 at 3:16 PM, Raphael <raphaelalle...@gmail.com> wrote:
> > Haha! Hey, well if it's something you could use, then so can someone else!
> > The only issue would be security of the persistent storage and how browsers
> > are handling it now, and how different or more efficient would you handle
> > securely storing the passwords. Am I off on that?
>
crazy iFrame or xss but not if you code it well. Also, I think client
side encryption is kind of sketch.
You could just build the key vault online? I don't see the benefits
of having an offline key store for online web apps haha.
On Jul 29, 1:26 pm, Brock Angelo <brockang...@gmail.com> wrote:
> You're probably right Raphael. I would think that the main concern there is
> knowing (and really understanding) that a user cannot access it through a
> script. For example, you come to my site and my site knows to look in your
> browser for com.chromepass.storage.chasebank_password.
>
>
>
>
>
>
>
> On Fri, Jul 29, 2011 at 3:16 PM, Raphael <raphaelalle...@gmail.com> wrote:
> > Haha! Hey, well if it's something you could use, then so can someone else!
> > The only issue would be security of the persistent storage and how browsers
> > are handling it now, and how different or more efficient would you handle
> > securely storing the passwords. Am I off on that?
>
Reply all
Reply to author
Forward
0 new messages