Jump to content
UBot Underground

Secure Way To Store Passwords?


Recommended Posts

 

I'm creating a bot for a client that will run via Task Scheduler on a server so I don't want to use any ui input boxes. 

 

I told him the login credentials could be stored in a .txt file in the same folder as the bot, or they could be coded into the bot. 

 

He is concerned about the security of both these suggestions. 

 

This is the only way I've ever done it. Is there a more secure way to store and automatically load login details that only he has access to? 

 

I want to use the internal ubot browser and not exbrowser because the bots I've previously made with exbrowser stop working when the browser needs updating, which is really frustrating. 

Link to post
Share on other sites

You can encrypt credentials with various plugins, for it to be more secure you would want to use an algorithm that uses a private key. Ubot has some built in stuff too but not with the ability to add a key by the way. The problem though is that you kind of need to keep that key somewhere so it's really not much better than keeping the password in the bot itself because that it where you would have to keep the key. The key is basically a password and in another case the user could just use that as a master password to type in once and unlock all the accounts but since you want it to run automatically then that doesn't really work for you.

 

Besides the program at some point would need to store that password and I think that it could be read out of memory. I don't think there is a good way to store passwords in memory for Ubot. So regardless there is always going to be a security issue if you want the program to be able to acquire the passwords automatically.

Link to post
Share on other sites

Thank you for your response. That's disappointing, but confirmed what I guessed might be the case. 

 

You can keep a separate file like a database for the passwords and encrypt them and then have another file with the key. As long as the program is not distributed with both files then it is at least more secure. This way the passwords are not stored in the program itself but in separate files and somebody would need both files to get to them. This is not 100% secure on the end user system but at least this means that the program can be used or distributed elsewhere without worry.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...