Author |
Topic |
|
zqxathz
4 Posts |
Posted - 06/07/2014 : 23:58:14
|
this version request to input password when starting, if S+ have a password. when we have set a password,can the next version have not request input password when starting,but if go to the setting window ,is request to input password?
thx so cool the software
|
|
Rob
USA
2615 Posts |
Posted - 06/08/2014 : 00:03:47
|
The reason I chose to prompt for password on start up is because any actions with sensitive information like scripting out password, someone could still use the actions.
Additionally, S+ encrypts the settings file, so without the password, S+ cannot decrypt it to load your settings :)
I know it can be a little annoying, but its in the best interest of security. I will think about it some, maybe offer some kind of option for less security. |
|
|
zqxathz
4 Posts |
Posted - 06/08/2014 : 00:38:15
|
thanks for you ,wish S+ give we more options for security,let it to easy to use. |
|
|
Strokeman
33 Posts |
Posted - 06/13/2014 : 13:34:30
|
Yes password just for settings sounds defeating the purpose. Rob can you tell more on how S+ encrypts and decrypts the set password? which encryption is used? Everything happens in RAM or the XML/settings file is left on drive plain as such , while S+ is active? was thinking to use actions to log into some "Regular"sites and surely for anyone storing passwords in actions wud be bit worrying (esp. when S+ is still not open source) Thanks
P.s. saying above, i have no issue with u not making it open source(i know u have plans) as its your work and ur baby. You are doing quite enough already with this freeware and regular support. :) |
|
|
Rob
USA
2615 Posts |
Posted - 06/16/2014 : 11:04:58
|
First of all, it's not using any particularly fancy or super strong encryption, so I don't recommend storing highly confidential or sensitive information inside; this was intended to be a simple form of basic protection from an average person who sat down at your computer and could easily open the Settings and see login details.
When S+ starts, it attempts to parse the XML file, if it fails to successfully parse, it prompts for a password, then attempts to decrypt the contents using the password. If successful, it decrypts the file, loads the settings into RAM, then re-encrypts. So the XML file is only ever in a decrypted state very briefly.
The file is otherwise never in a plain text form. |
|
|
Strokeman
33 Posts |
Posted - 06/28/2014 : 18:15:54
|
thanks for detailing rob, though i dont find much use of password feature, as someone using it to store login details(esp passwords) should logically not be doing it in absence of good encryption
Anyway, i understand that you just tried to add some very basic addon of password feature and ofcourse s+ is not some password storing privacy software or sort of.
I use keepass and i am trying to see whether i can do some automation of it with S+ , while interacting with various websites needing logins Thanks |
|
|
|
Topic |
|
|
|