Open ioerror opened 10 years ago
Absolutely, I fully hear your concerns and a browser extension is planned. An extension will also be able to make better use of localStorage, such as client sided logging, without worrying that localStorage may be cleared at any moment. Local cache of keys (profileBlob) is a good idea too.
I also have ideas for a CEF wrapped, desktop executable version of Subrosa that can better integrate with the native OS.
Glad to hear it!
It seems straight forward to make a very basic browser extension for Chrome and a bit of extra work for Firefox - nothing too complicated is required, I think.
+1 -- a browser extension would be nice for users who want a higher level of security
I would say that an essential feature of such a browser extension would be verification of code integrity, so as to avoid the possibility for the host to serve a backdoored version of the client (whether consciously or not).
I'm not a fan of typing my login or password into a random web form. Nor is it fantastic to trust that the remote server is honestly handing me the correct web application. I'd also like to ensure a local cache of any information that may also be stored on the server, e.g.: encrypted keys.
It would be nice if there was a browser extension where I could configure credentials, locally store information that is used in the protocol and on select sites, it would run the correct client side code as well as handling login/passowrd issues.