Address security concerns on storing credentials locally #13

le-git-imate · 2019-08-15T00:22:38Z

Description of issue or feature request
The extensions could be exploited by web applications from their privileged capabilities. And malicious scripts on the page may be able to access the local storage and retrieve sensitive info stored by our extension. Read more about the issue on chrome dev page and academic papers like this. Also take a look at threatpost, infosecbuzz.

le-git-imate stores some sensitive info (token, password) locally. As mentioned in #28, we should first remove the need of password and then protect the token.

Current behavior

The extension does not properly take care of the security of stored credentials.

Expected behavior

Do not use passwords ( Do not store GitHub/GitLab password locally #28).
Protect the personal token.

le-git-imate added bug Something isn't working enhancement Ask to enhance an existing feature extra attention Extra attention is needed labels Aug 15, 2019

This was referenced Aug 20, 2019

Do not store GitHub/GitLab password locally #28

Closed

Support importing keys from Keybase #36

Open

hmdfsn mentioned this issue Sep 4, 2019

Support 2FA authentication #40

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Address security concerns on storing credentials locally #13

Address security concerns on storing credentials locally #13

le-git-imate commented Aug 15, 2019 •

edited

Address security concerns on storing credentials locally #13

Address security concerns on storing credentials locally #13

Comments

le-git-imate commented Aug 15, 2019 • edited

le-git-imate commented Aug 15, 2019 •

edited