Move token out of configuration file #262
Comments
|
Fair point I guess. I'll look at this soon |
|
Possibly have the file encrypted to, so to not compromise account security encase another user gets into the computer. |
|
Your token file is in your home folder, which should not be accessible by another user, unless they are root. |
|
I am not sure about the encryption stuff. This would require having to use the systems keyring, I am unsure how difficult that is, so that might be something we can slap on afterwards. Either way, I'd rather disable this by default, as most people don't care and don't wanna bother unlocking the keyring every time they start cordless. |
|
It would require us to write our own abstractions for different operating systems. Windows has the Cryptography API for keyring, macos has keyring, gnome has gnome-keyring, kde has kde-keyring, and some systems don't have keyrings at all. |
|
I'm not sure I think this is necessary, a lot of programs store keys in the home folder of the user. The user should be able to encrypt their token file if they want with GPG or EFS for Windows. |
What do you want
I would like the discord token to be moved outside of the configuration file.
Why
Many people keep their configurations synchronized through a public repository, and this is not possible for cordless as it would expose the token.
Implementation hints
An option would be to keep a seperate file for just the token.
The text was updated successfully, but these errors were encountered: