I have a 'native' program (in Java) which would like to communicate with a Google Chrome/Chromium extension. The communication contains sensitive informations, and should not be accessible by anybody else than the user running them (and the root of course).
What technology should I choose for this communication channel? Is there even a solution?
EDIT: Of course I could open a TCP/IP port on the local host, but wouldn't it be accessible by other users having an account on the same host? Is there a technic to avoid that side effect?
Could we access unix domain sockets from Google Chrome extensions?
The solution that I chose is to have an server socket listening on the loopback interface (/ 127.0.0.1) with a shared secret used as an api key.
The reason is that I didn't realize that in my case each app which connect to my node had to be authenticated .. because each app is treated in a different way, with different access permissions.