UBotGoRound 0 Posted July 26, 2017 Report Share Posted July 26, 2017 I'm creating a bot for a client that will run via Task Scheduler on a server so I don't want to use any ui input boxes. I told him the login credentials could be stored in a .txt file in the same folder as the bot, or they could be coded into the bot. He is concerned about the security of both these suggestions. This is the only way I've ever done it. Is there a more secure way to store and automatically load login details that only he has access to? I want to use the internal ubot browser and not exbrowser because the bots I've previously made with exbrowser stop working when the browser needs updating, which is really frustrating. Quote Link to post Share on other sites
HelloInsomnia 1103 Posted July 26, 2017 Report Share Posted July 26, 2017 You can encrypt credentials with various plugins, for it to be more secure you would want to use an algorithm that uses a private key. Ubot has some built in stuff too but not with the ability to add a key by the way. The problem though is that you kind of need to keep that key somewhere so it's really not much better than keeping the password in the bot itself because that it where you would have to keep the key. The key is basically a password and in another case the user could just use that as a master password to type in once and unlock all the accounts but since you want it to run automatically then that doesn't really work for you. Besides the program at some point would need to store that password and I think that it could be read out of memory. I don't think there is a good way to store passwords in memory for Ubot. So regardless there is always going to be a security issue if you want the program to be able to acquire the passwords automatically. Quote Link to post Share on other sites
UBotGoRound 0 Posted July 26, 2017 Author Report Share Posted July 26, 2017 Thank you for your response. That's disappointing, but confirmed what I guessed might be the case. Quote Link to post Share on other sites
HelloInsomnia 1103 Posted July 27, 2017 Report Share Posted July 27, 2017 Thank you for your response. That's disappointing, but confirmed what I guessed might be the case. You can keep a separate file like a database for the passwords and encrypt them and then have another file with the key. As long as the program is not distributed with both files then it is at least more secure. This way the passwords are not stored in the program itself but in separate files and somebody would need both files to get to them. This is not 100% secure on the end user system but at least this means that the program can be used or distributed elsewhere without worry. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.