Warning For Custom Clients

[shubla]

Dont log on with public client via public computer. In most cilents it wol store your password to .haven file in "username:password" format. This might go in wrong hands

[EnderWiggin]

what .haven file? where is it located? What clients write it?

[shubla]

Atleast on amber.
C:\Users\user\.haven
Theres "loginInfo.conf" with passwords and stuff.

[EnderWiggin]

Atleast on amber.
C:\Users\user\.haven
Theres "loginInfo.conf" with passwords and stuff.

Ah, so that's amber's issue. I don't store passwords - only cookies that are easy to reset. They are stored in accounts.json in client folder.

[shubla]

Atleast on amber.
C:\Users\user\.haven
Theres "loginInfo.conf" with passwords and stuff.

Ah, so that's amber's issue. I don't store passwords - only cookies that are easy to reset. They are stored in accounts.json in client folder.

Its good that way, they dont go into random computers if youre using usb stick. but in other way people might share them accidentally with others. I suggest romovs to change it.

[romovs]

Atleast on amber.
C:\Users\user\.haven
Theres "loginInfo.conf" with passwords and stuff.

It doesn't write any settings to files at all. logininfo.conf is from somewhere else.

[bdew]

Dont log on with public client via public computer. In most cilents it wol store your password to .haven file in "username:password" format. This might go in wrong hands

FYI - my client will have a similar "save login" option in the next release.

It is opt-in - you need to mark a checkbox that's clearly marked as unsafe and colored in red.

It will also have an accompanying text in the readme:

Warning - Account Management
If you check "save login" on login screen - the client will save your password, in clear text, either in your registry (Windows) or user folder (Mac/Linux).
This is inherently unsafe. It was added as a trade off between convenience and security after requests from multiple users and friends.
I do not recommend using this option.

[borka]

It doesn't write any settings to files at all. logininfo.conf is from somewhere else.

confirmed

[jaguar]

Atleast on amber.
C:\Users\user\.haven
Theres "loginInfo.conf" with passwords and stuff.

It doesn't write any settings to files at all. logininfo.conf is from somewhere else.

But it write password to registry. And you can access those passwords using regedit if it is public user logged in...so, not secure. Please consider to use tokens.

[shubla]

Atleast on amber.
C:\Users\user\.haven
Theres "loginInfo.conf" with passwords and stuff.

It doesn't write any settings to files at all. logininfo.conf is from somewhere else.

But it write password to registry. And you can access those passwords using regedit if it is public user logged in...so, not secure. Please consider to use tokens.

Theyre very easy to dig up i agree. But i think some more secure way doing that would be very difficult maybe even cost some money.