- changed title to Click-to-login-bookmarklet
- edited description
Click-to-login-bookmarklet
Hey, a click to login-bookmarklet like in zoho vault would be nice :)
Comments (10)
-
reporter -
I would propose using an anchor (#) to determine the URL of the KDBX file to be pre-loaded:
http://example.com/browsepass.html#http://example.com/files/passwords.kdbx
That way, the server can't tell which file has been requested, thus improving privacy when browsepass is hosted by a third party.
-
Implemented in pull request #2.
-
reporter That's also cool, but I mean something else. If you are on a site which is in your database on Zoho Vault, it is possible to click on the bookmarklet, and it lets you log in.
-
That would require you to either enter your password every time or store it in a cookie...
(And it's way more complicated than the bookmark thing I've implemented. ;) )
-
reporter That's what the "URL" looks like:
javascript:(function(){var k='313b3cf3cc040de8d2a408f8036549f8e475331b1572e9ab04ecb9d4cc4f5355'; var v='0.22809886925501144';_ZV={ url:'https://vault.zoho.com/autofill.do',K:k,l:encodeURIComponent(location.href),s:document.createElement('script'),h:document.getElementsByTagName('head')[0] || document.documentElement};var s= _ZV.s;s.src=_ZV.url+'?url='+_ZV.l+'&v='+v+'&u=16108000000008003';_ZV.h.appendChild(s); })()
It's possible to regenerate ;) I don't know if the password is stored in a cookie, but you are right that it should be very complicated to implement :D
Thank you btw :)
-
repo owner @kreisel are you referring to a bookmarklet that can automatically log you in to a saved site? If that is true, I think the bookmarklet idea is intriguing, though a bit insecure in my opinion.
It can be done better perhaps as a Chrome/Firefox extension rather than a regular webpage like BrowsePass was born to be. I'll think about it more.
-
reporter Yes, not automatically, but it's slick anyway! :)
It's possible to click on a link inside of Zoho Vault, then you get to the site and now you can click on the bookmarklet to log in; sometimes it works without going through Zoho Vault. Here is a screenshot of what they are writing:
but I think you have to see it for yourself.
-
repo owner So I've been investigating this feature for a bit. I think it might be doable.
The high-level idea is:
- BrowsePass generates a bookmarklet for a particular entry in its vault.
- User bookmarks this bookmarklet.
- User opens the target URL.
- User activates the bookmarklet.
- The bookmarklet communicates back to BrowsePass via window.postMessage to ask for username and password.
- BrowsePass authenticates the request and responds with required info.
- The bookmarklet receives the info, fills the password in the first type="password" field, and the username to the previous type="text" sibling.
The communication messages need to be fleshed out to ensure security first though. I'll get to it when I can, unless someone else beats me.
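
One way the "BrowsePass authenticates the request" step above could look, as an added example that is not part of the thread or of BrowsePass itself: the vault page compares the browser-supplied message origin with the origin of the stored entry URL before it replies. The message shape, the entry fields and the function name are assumptions made for illustration.

```javascript
// Added example: vault-side check for a fill request received via window.postMessage.
// Entry layout, message shape and names are assumptions, not BrowsePass code.

// Constructed sample vault entry.
const SAMPLE_ENTRIES = [
  { id: "e1", url: "https://mail.example.com/login", username: "alice", password: "constructed-secret" },
];

// `origin` is MessageEvent.origin: the browser sets it and the sending page
// cannot forge it. Everything inside `data` is untrusted input.
function answerFillRequest(origin, data, entries) {
  if (!data || data.type !== "fill-request" || typeof data.entryId !== "string") {
    return { ok: false, reason: "malformed" };
  }
  const entry = entries.find((e) => e.id === data.entryId);
  if (!entry) return { ok: false, reason: "unknown-entry" };

  let expected;
  try {
    expected = new URL(entry.url);
  } catch (_) {
    return { ok: false, reason: "bad-entry-url" };
  }
  // Release credentials only to an HTTPS page on exactly the stored origin
  // (scheme + host + port); a look-alike host or plain HTTP is refused.
  if (expected.protocol !== "https:") return { ok: false, reason: "insecure-entry" };
  if (origin !== expected.origin) return { ok: false, reason: "origin-mismatch" };

  return {
    ok: true,
    targetOrigin: expected.origin, // handed to postMessage, never "*"
    message: { type: "fill-response", username: entry.username, password: entry.password },
  };
}

// Browser wiring; skipped outside a browser, where `window` is undefined.
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = answerFillRequest(event.origin, event.data, SAMPLE_ENTRIES);
    if (result.ok && event.source) {
      event.source.postMessage(result.message, result.targetOrigin);
    }
  });
}
```

Passing the entry's own origin as the target of the reply means the browser drops the response if the requesting window has navigated elsewhere in the meantime.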
-
repo owner Nope. window.postMessage does not work across tabs/browsing windows. There is a need to derive a communication method between two tabs/browsing windows on two different origins. I'll think about it more.