Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set user password instead of using keytar #152

Open
baruchiro opened this issue Dec 21, 2020 · 1 comment
Open

Set user password instead of using keytar #152

baruchiro opened this issue Dec 21, 2020 · 1 comment
Labels
security Pull requests that address a security vulnerability
Milestone
M3 - Fix the most...

Comments

@baruchiro
Copy link
Collaborator

It seems that every node process can retrieve passwords stored by keytar by our process.

This is a limitation that is described in the keytar bug, and it seems to be a security weakness that software generally does not want to take responsibility for (Chrome, for example).

I think we should keep all passwords secure with a user password.
For example, use the user password as an encryption key.

From baruchiro/israeli-bank-scrapers-desktop#32

(I think the link to the Chrome blog is interesting and really important)
@baruchiro baruchiro mentioned this issue Dec 21, 2020
Closed
@giladtaase giladtaase mentioned this issue Dec 21, 2020
Closed
@baruchiro baruchiro added the security Pull requests that address a security vulnerability label Feb 2, 2021
@baruchiro baruchiro mentioned this issue Feb 4, 2021
Closed
@baruchiro baruchiro added the good first issue Good for newcomers label Feb 4, 2021
@baruchiro
Copy link
Collaborator Author

Hey, it is good-first-issue, but it is important to discuss how do you plan to implement it before you start to.

@baruchiro baruchiro added the hacktoberfest https://hacktoberfest.digitalocean.com label Oct 5, 2021
@brafdlog brafdlog removed good first issue Good for newcomers hacktoberfest https://hacktoberfest.digitalocean.com labels Jan 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Pull requests that address a security vulnerability
Projects
Caspion backlog
Status: No status
Milestone
M3 - Fix the most significant UX issues
Development

No branches or pull requests
2 participants
@brafdlog @baruchiro