Looking for people to test security of this method
I've recently had the need to enter a password into a program to access some data.
But I don't want to have to enter the password every time I run the script, so I've come up with this "secure" method of just needing to ask for the password once.
_password is set to be transient, so it shouldn't be saved when the script is saved.
If _password is already set, then it won't ask for it.
answer is cleared down so that it's not left in there either.
Here is a script pic as well as program (in case _password is exposed in a script pic)
Please let me know if you can read my password
I don't think the variable is stored in the metadata of the image. I imported the script but found no trace of the password visually. To look deeper, you might want to dig around in the metadata of the image.
There's a block that allows you to "encrypt" your password that encodes with sha512 hash.
However it's hidden in dev mode, so:
- Shift-click the Snap! logo in the editor, then choose Switch to dev mode.
- Go to operators, scroll and find this block
Is there any way to decrypt it?
SHA512 was for security, and to avoid attackers and malware; there's no way to decrypt it.
This thread is about securing a password from accidentally disclosing it, not about encryption.
I've tested it to my satisfaction but wanted to see if anyone else could see any flaws in the script/concept
So this is what I'm using it for
I can (hopefully) publish a program like this
that doesn't store my MQTT broker write access password (my broker allows anyone to read topics (such as cheerlights/#) but needs a password to publish to them).
I think this should be fine as long as the variable isn't stored in the project state. One way I feel like you could test the security of this is to enter your password, then download and search for the password in the project metadata.
For instance, enter "GenericProjectPassword", then download it and use a text editor to attempt to find that string in the project.
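The canary test suggested in the last reply, as an added example that is not code from the thread: a text editor only finds the string in plain text, so this also checks UTF-16, hex and base64 at all three byte alignments. The function names are hypothetical and the sample project bytes are constructed, not real Snap! output.

```python
import base64
import sys

def base64_fragments(needle: bytes) -> list[bytes]:
    """Base64 text that must appear if `needle` sits at any byte offset
    inside a larger base64-encoded blob (three possible alignments)."""
    fragments = []
    for shift, lead in ((0, 0), (1, 2), (2, 3)):
        enc = base64.b64encode(b"\x00" * shift + needle).rstrip(b"=")
        if (shift + len(needle)) % 3:
            enc = enc[:-1]           # last char would mix in bits of what follows
        frag = enc[lead:]            # leading chars mix in bits of what precedes
        if len(frag) >= 8:           # short fragments match by accident; use a long canary
            fragments.append(frag)
    return fragments

def find_canary(data: bytes, canary: str) -> list[str]:
    """Return the name of every encoding in which `canary` occurs in `data`."""
    raw = canary.encode("utf-8")
    probes = {
        "utf-8": [raw],
        "utf-16le": [canary.encode("utf-16-le")],
        "hex": [raw.hex().encode(), raw.hex().upper().encode()],
        "base64": base64_fragments(raw),
    }
    return [name for name, needles in probes.items()
            if any(n in data for n in needles)]

def scan_file(path: str, canary: str) -> list[str]:
    """Scan a downloaded project file or exported image as raw bytes."""
    with open(path, "rb") as fh:
        return find_canary(fh.read(), canary)

CANARY = "GenericProjectPassword"   # the throwaway string from the thread
# Constructed sample inputs (assumed shapes, not real Snap! project files).
CLEAN = b'<project><variable name="_password" transient="true"/></project>'
LEAKY_PLAIN = b'<project><variable name="_password"><l>' + CANARY.encode() + b'</l></variable></project>'
LEAKY_B64 = b'data:text/xml;base64,' + base64.b64encode(b'x<l>' + CANARY.encode() + b'</l>')

if __name__ == "__main__":
    # Usage: python scan.py saved_project.xml [canary]
    hits = scan_file(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else CANARY)
    print("canary found as:", ", ".join(hits) if hits else "nothing")
    sys.exit(1 if hits else 0)
```

Run it against both the saved project and the exported script pic, using a throwaway canary rather than the real broker password.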