[Greasemonkey] Real soon now: S3 script val store
Jeremy Dunck
jdunck at gmail.com
Tue Apr 4 23:03:26 EDT 2006
On 4/4/06, Jeff Barr <jeff at vertexdev.com> wrote:
> Sounds great, and I am looking forward to this. The only thing that
> you want to be really careful about is how and where you will store
> the user's Amazon Web Service account credentials.
I'll try to be careful, and will certainly ask for feedback on any
implementation before letting it loose. :)
> It would be neat if any script that wanted to use S3 could call upon
> a standard GM function to retrieve the credentials, and prompt the
> user for them if they are not known. Then we could all give away
> S3-aware scripts without fear of credential theft.
Hmm. I hadn't thought of this, and honestly it kinda scares me. I'd
prefer to keep the creds in XUL-land. You know, defense in depth...
We think APIs are secure, but I'd prefer not to give an API that, if
exploited, gives away your hard drive. :)
If someone has advice on how to take data entry from content and have
it be really, for sure, secure, I'm listening.
> Let me know if there's anything that I can do to help with this
> (I assume that this was inspired (at least in part) by my recent
> blog post: http://aws.typepad.com/aws/2006/03/firefox_s3_some.html).
Indeed, I found that via Les's entry, and commented (asking what the
free services another commenter mentioned were).
Congrats on S3, by the way-- I'm happy that kind of thing is becoming
infrastructure.
More information about the Greasemonkey
mailing list