Chromium Embedded Framework Forum

[dmklementiev]

I enable cookies as CefString(&settings.cache_path).FromASCII("path/cookies");. Everything works as expected, however, when I authenticate using one of auth2 flows, persistent cookie(s) that contain essentially refresh token are saved in the location I provided. This poses certain security risk. Question: is there any way to encrypt cookies before they are save on the disk and encrypt after they are loaded, so non-encrypted cookies exist in memory only?

[magreenblatt]

What OS and CEF version? They should be encrypted by default with NetworkService enabled.

[dmklementiev]

Thank you Marshall. OS = Ubuntu 18.04. CEF = cloned from main a few weeks ago. Question: who owns the public/private keys? Can I provide my own?

[magreenblatt]

I guess on Linux there may not be a system keychain to use by default. You can check what CryptoCookieDelegate is passed to SQLitePersistentCookieStore in your local build.

[dmklementiev]

Seems that I cannot hit a break point (actually I've changed CEF code to log and throw an exception) in the following functions to understand what CryptoCookieDelegate is sent.

I've tried the following funtions:

Code: Select all

in src/net/extras/sqlite/sqlite_persistent_cookie_store.cc

SQLitePersistentCookieStore::Backend::MakeCookiesFromSQLStatement
SQLitePersistentCookieStore::Backend::FinishedLoadingCookies
SQLitePersistentCookieStore::SQLitePersistentCookieStore

in src/components/cookie_config/cookie_store_util.cc

net::CookieCryptoDelegate* GetCookieCryptoDelegate()


What else can I try?

[magreenblatt]

You likely need to attach the debugger to the network process (it has --type=utility on the command-line).

[dmklementiev]

Yes, hit the break point, thank you.