How to connect your database in a google chrome extension

Ashura91

Newbie
Joined
May 11, 2023
Messages
4
Reaction score
2
Hello to all,
I want to create a personal password manager, for this I will create a google chrome web extension (there is also a mobile application I want to create) and to store my data, I told myself that going through a firebase database could work, The problem is that I can't connect my firebase database (realtime firebase) to my extension, I wanted to try with php but the extension doesn't support php, being a beginner with javascirpt on the client side, I decided to help me with chat gpt, however all the answers they give me are wrong. So here are my questions:
- Should I stay on a firebase database ? how to integrate it in my extension ?
- Is it safe to have a firebase database?


PS : I don't want to keep locally the password information because I want to have the same database for my mobile application (created after the extension). I didn't find anything on the google documentation (I may have missed it)


Have a nice day
 
You don’t call database from chrome extension. You call an api that connects to a database. If you put any kind of secret in the extension, it can be read by anyone.

You don’t even put keys for firebase or anything else that will have a secret api key (that is not user specific, but global). This is not only valid for chrome apps, but mobile apps as well.


If you want only a handful of users to access the data, add registration process in the plugin. Authenticate that user to the api and send them data through your api that calls whatever the datasource is.


The only safe place to call a database directly (or an api with secret key) is your server. Nothing else.
 
Last edited:
You don’t call database from chrome extension. You call an api that connects to a database. If you put any kind of secret in the extension, it can be read by anyone.

You don’t even put keys for firebase or anything else that will have a secret api key (that is not user specific, but global). This is not only valid for chrome apps, but mobile apps as well.


If you want only a handful of users to access the data, add registration process in the plugin. Authenticate that user to the api and send them data through your api that calls whatever the datasource is.


The only safe place to call a database directly (or an api with secret key) is your server. Nothing else.
ok thanks, if I understood correctly I don't put any secret key in my script. Moreover, if I want to connect to my database, I use an API.

Do you have any api to advise me ?
 
ok thanks, if I understood correctly I don't put any secret key in my script. Moreover, if I want to connect to my database, I use an API.
Correct. :)
Do you have any api to advise me ?

Not sure what you mean. I meant api as your own custom api, for communication from the extension to your backend.
 
Correct. :)


Not sure what you mean. I meant api as your own custom api, for communication from the extension to your backend.
ah ok sorry I didn't understand, thanks for your help.

I am new, should I close the discussion?
 
ah ok sorry I didn't understand, thanks for your help.

I am new, should I close the discussion?
No problem dude. :)

I don’t think you can close the thread by yourself, and the thread is a very good one I think. Devs make this mistake over and over again, and keep getting hacked. ;)
 
Back
Top