Saving and retrieving credentials at each browser phone start #469
-
|
Apologies if this is an inappropriate question. Browser-phone is an excellent piece of work, thank you. Would be a joy if some of the alleged professional software developers i work with daily would strive for even a shred of the intelligence and quality on display here. I'm not much of a coder, so perhaps I am way off base, but am running the browser-phone on a number of devices, each with it's own pjsip credentials, but when the device clears it's browser cache, the next start of the phone requires the user enter all credentials again. I read #216 - #216, and found the credentials on one case are stored here: ~/.config/BraveSoftware/Brave-Browser/Default/Local\ Storage/leveldb/009396.ldb Is there a preferred method for each device to save successful credentials and have the client device browser associate that file with the application and authenticate ? Ideally an encrypted file in $HOME, so the browser page would prompt to enter a passphrase to decrypt the file (user proves at least something) , send the credentials into the browser page and log the user in ? Thank you for a hint in the right direction. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
The browser phone makes extensive use of the LocalStorage API: These APIs allow you to script access to the data that the Browser Phone sets and collects. With regards to credentials, I would construct an alternate login solution with a server-side language like PHP, have the user login, and based off this, have the username and password sent to the browser. The password WILL be set in code, this is simply something you will not be able to overcome. If a user goes to the Developer Tools or the console, they will be able to access the SIP password, this is simply unavoidable. The best approach in dealing with this is that you need to ensure the password is long and complex (to avoid reading it off the screen), rotated often (even on each refresh of the page), and unique to each user, so even if someone stumbles upon their OWN password they are only able to leak their own data. |
Beta Was this translation helpful? Give feedback.
The browser phone makes extensive use of the LocalStorage API:
https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage
and also Index DB API:
https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API
These APIs allow you to script access to the data that the Browser Phone sets and collects.
With regards to credentials, I would construct an alternate login solution with a server-side language like PHP, have the user login, and based off this, have the username and password sent to the browser.
The password WILL be set in code, this is simply something you will not be able to overcome. If a user goes to the Developer Tools or the console, they will be able to access the SI…