From dinis.cruz at owasp.org Fri Feb 3 00:47:27 2012 From: dinis.cruz at owasp.org (dinis cruz) Date: Fri, 3 Feb 2012 00:47:27 +0000 Subject: [Owasp-Mobile-Project] Information about secret storage in Browser extensions, for example Firefox Message-ID: Question: *"if one needs to store a secret in a browser extension (for example an OAuth token with write privileges to Twitter), where can it be safely stored?"* What would be the attack vectors? Who would be able to access it? (any extension? a web page?) Are there a best-practices/how-to doc available? Google doesn't seem to find much (here is one of the few: http://stackoverflow.com/a/6295705 - talks about using LocalStorage) Thanks Dinis Cruz -------------- next part -------------- An HTML attachment was scrubbed... URL: