Wondering if that could be possible, to encrypt the password so can´t be readed that easy in settings.ini
I don´t trust in all my guild members and kinda dangerous if someone with knowledge about how roster and uniuploader works has the password.
Or any way to use different passwords for roster config and roster upload, that would be the best option.
But if too much trouble to do that, a good step will be encrypting that password field. So I can provide my guild members of a pre-configured .ini for safety.
Thanks and more thanks for wowroster
[Request] Encrypted password
5 posts
• Page 1 of 1
[Request] Encrypted password
by ElMauro » Sun Jul 15, 2007 7:21 pm
- ElMauro
- WR.net Apprentice
- Posts: 10
- Joined: Wed Jul 04, 2007 6:28 pm
[Request] Encrypted password
by MattM » Sun Jul 15, 2007 8:19 pm
dont put the update password in the ini you wish to distribute:
http://www.wowroster.net/wiki/index.php ... stribution
http://www.wowroster.net/wiki/index.php ... stribution
- MattM
- UA/UU Developer
- Gimpy Developer
- Posts: 886
- Joined: Tue Jul 04, 2006 9:53 pm
- Location: USA
[Request] Encrypted password
by ElMauro » Sun Jul 15, 2007 8:54 pm
Thanks for your answer, matt
Ok, nice script you did. Saved me time building a setup factory installer
But still with the same problem, still can read the clean roster password from the ini.
You say me not to put the password in the ini, but then I need to tell to any member to put "mypassword" to upload their char data. And is the same problem, even worse.
Is not a a complaint, my friend. I´m really grateful with all your works here, just trying to sugest
Ok, nice script you did. Saved me time building a setup factory installer
But still with the same problem, still can read the clean roster password from the ini.
You say me not to put the password in the ini, but then I need to tell to any member to put "mypassword" to upload their char data. And is the same problem, even worse.
Is not a a complaint, my friend. I´m really grateful with all your works here, just trying to sugest
- ElMauro
- WR.net Apprentice
- Posts: 10
- Joined: Wed Jul 04, 2007 6:28 pm
Re: [Request] Encrypted password
by Jellow » Sun Jul 15, 2007 10:08 pm
You don't need put the password into the settings.ini, because uploading character data is possible even without the password!
The password is needed at upload noly to update the guild information and character<->guild assignment out of the GuildProfiler data (which is also saved in the CharacterProfiler.lua).
And a basic encryption wouldn't be save, cause of open-source. Everybody would be able to read a static key or the location of the local generated encryption-key.
Only a public privat key establishment between server and uploader could be realized and would be nearly save, but only if you have a completly encrypted communication between UU and Roster (e.g. via SSL). If the transmission remains unencrypted, everybody would be able to get the password with a simple network package sniffer like it's included in windows.
To cut a long story short, to much work for an unnecessary feature ;-)
So far...
Jellow
The password is needed at upload noly to update the guild information and character<->guild assignment out of the GuildProfiler data (which is also saved in the CharacterProfiler.lua).
And a basic encryption wouldn't be save, cause of open-source. Everybody would be able to read a static key or the location of the local generated encryption-key.
Only a public privat key establishment between server and uploader could be realized and would be nearly save, but only if you have a completly encrypted communication between UU and Roster (e.g. via SSL). If the transmission remains unencrypted, everybody would be able to get the password with a simple network package sniffer like it's included in windows.
To cut a long story short, to much work for an unnecessary feature ;-)
So far...
Jellow
Last edited by Jellow on Sun Jul 15, 2007 10:10 pm, edited 1 time in total.
- Jellow
- WR.net Apprentice
- Posts: 8
- Joined: Mon Jun 11, 2007 8:11 am
[Request] Encrypted password
by ElMauro » Sun Jul 15, 2007 11:02 pm
O.o my bad.
Didn´t know password wasn´t necessary.
In fact, dont know why my head repeat: "password needed for upload"
Prety sure I read it somewhere and sticked with that.
Mi mistake, sorry for the topic :p
cyas and thanks for the explanation
Didn´t know password wasn´t necessary.
In fact, dont know why my head repeat: "password needed for upload"
Prety sure I read it somewhere and sticked with that.
Mi mistake, sorry for the topic :p
cyas and thanks for the explanation
- ElMauro
- WR.net Apprentice
- Posts: 10
- Joined: Wed Jul 04, 2007 6:28 pm
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest