Custom connection between my Google Chrome extension and my own program on Linux

I have a native program (in Java) that would like to communicate with a Google Chrome / Chromium extension. The messages contain confidential information and should not be available to anyone other than the user executing them (and of course root).

What technology should I choose for this communication channel? Is there even a solution?

EDIT: Sure, I could open the TCP / IP port on the localhost, but wouldn't it be available to other users with an account on the same host? Is there a technique to avoid side effects?

Can we access unix domain sockets from Google Chrome extensions?

+3


source to share


3 answers


The solution I have chosen is to have a server socket listening on the loopback interface (/127.0.0.1) with a shared secret used as the api key.



The reason is that I didn't realize that in my case every application that connects to my node needs to be authenticated .. because every application is handled differently, with different access permissions.

0


source


Assuming you are already familiar with TCP, if you are using localhost / 127.0.0.1 for communication, it will not be reachable / reachable by other machines.



+1


source


You can solve this at a higher level with SSL secured communication with certificates, etc. IF someone does not have a certificate, then the connection will be killed. Plus, you will benefit from encryption.

0


source







All Articles