I'm trying to find a way to securely keep encryption keys in memory while they're in use. My concern is that other tabs or browser extensions might have access to that memory. Is there any way to create a secure key-store for a browser tab or isolate its memory so that other tabs or extensions can't access it? I'm new to this area of web development, so I appreciate any guidance!
1 Answer
The good news is that the same-origin policy helps protect each tab's memory. Each tab acts as a separate process with its own isolated memory space. Even when you store data in LocalStorage or IndexedDB, it's generally protected from access by other sites. However, keep in mind that if you store your encryption key in a global variable, some browser extensions with the right permissions could potentially access it. So, while there's no direct way for extensions to read your memory, they can still find ways around it. Ultimately, you can't fully prevent extensions from accessing your data since users control their browsers and can choose what to install. It might be more productive to focus on using secure coding practices rather than worrying too much about extensions.
Got it! I’ll keep that in mind.
Thanks for such a detailed answer 🙂