I am building an app that exchanges sensitive data between the extension and the native host. I realized that communication between the 2 is done via Named Pipes (see here). This means, as far as I understand, that other processes can read/write to this pipe. This can be dangerous if we have a malicious process on the end user machine, which led me to a couple of questions:
- What are the best practices to secure the communication between the extension and the NH?
- Why is chromium using named pipes instead of anonymous pipes and Would it be possible for chromium to change it to unnamed pipes?
- Run an extension with a native host
- Use PipeList to view the existing pipes in windows
- You can get the native host pipe name
I expect the native host pipe to be hidden from other processes.
Note: a similar question has been asked before, but the older version may be outdated and is not precisely what I am looking for.