collapse collapse
* User Info
 
 
Welcome, Guest. Please login or register.
* Search

* Board Stats
  • stats Total Members: 989
  • stats Total Posts: 18366
  • stats Total Topics: 2501
  • stats Total Categories: 7
  • stats Total Boards: 35
  • stats Most Online: 1144

Author Topic: Is bot.conf a save place?  (Read 10763 times)

0 Members and 1 Guest are viewing this topic.

Offline rmb

  • BeBot User
  • **
  • Posts: 33
  • Karma: +0/-0
Is bot.conf a save place?
« on: January 22, 2009, 11:10:56 pm »
Hi, I’m total newbie in terms of online services and security thus my questions my sounds fun for experts but I just want to make sure.

I manage to configure BeBot on localhost and it works fine (would be perfect with guest channel but I understand it is on FC side).
Now I come to the point that I would like to set up the bot on an external host. I manage to find shell account provider with correct PHP version and MySQL support.
And at that point I start thinking is it safe to put AoC account username and password in bot.conf?

How much secure this is?
Is there any think I can / should do to increase the security?
Maybe it is possible to rebuild the program that it would ask me for login name and password at start and not store them in a file?

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: Is bot.conf a save place?
« Reply #1 on: January 23, 2009, 12:32:15 am »
Quote
Maybe it is possible to rebuild the program that it would ask me for login name and password at start and not store them in a file?
that is a good idea , especially with AoC, with AO bots are usually on froob account with nothing but bots and nothing to lose

but!
the issue would i have been unable to get a input feature working for Main.php when running from StartBot.php
now running from Main.php is doable
but if u restart etc ur bot will simply die and not reload
doing it in StartBot.php doesnt seem doable cuz i only know of 1 way to pass it on and thats with the command to start Main.php and altho this will make it work and alow restarts you can see the password on the running process screen
1 other alternative is to use a file to temporarily store the password that u input into StartBot.php and then Main.php gets and removed
unless any1 thinks of anything better i will do the last thing i said which is to ask in StartBot.php and use a file for passing it on, ofc it will only be in that file for a micro sec or somit

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: Is bot.conf a save place?
« Reply #2 on: January 23, 2009, 09:24:13 am »
that is now done in the latest SVN version of iver 0.7(/trunk) or 0.6(/branches/0.6)
it will now ask for a password when u start StartBot.php if it hasnt been set in the config
restarts/crashes etc should work fine with out needing to enter pw again

Offline rmb

  • BeBot User
  • **
  • Posts: 33
  • Karma: +0/-0
Re: Is bot.conf a save place?
« Reply #3 on: January 23, 2009, 12:41:57 pm »
Thank you.
Just downloaded modified files and tested the change. It does almost exactly what I imagin it will.

Almost because I have noticed that password is visible on a screen.
Im not sure if that is still a security problem or jus a cosmetic, but I know that other software shows blank " " or asterix "*" instead of the password content.
Is is possible to chage it or is it save now and no need for additional work?

Offline Temar

  • Contributor
  • *******
  • Posts: 1140
  • Karma: +0/-0
    • AoFiles
Re: Is bot.conf a save place?
« Reply #4 on: January 23, 2009, 07:11:35 pm »
best i came up with was to disable the echo during entering of password
but this only works for linux

Offline rmb

  • BeBot User
  • **
  • Posts: 33
  • Karma: +0/-0
Re: Is bot.conf a save place?
« Reply #5 on: January 23, 2009, 10:22:37 pm »
Should not be a problem since for online host I'm getting a shell acount on some unix server.

Offline Alreadythere

  • BeBot Maintainer
  • BeBot Hero
  • ******
  • Posts: 1288
  • Karma: +0/-0
Re: Is bot.conf a save place?
« Reply #6 on: January 24, 2009, 09:13:28 pm »
If you can't trust your server you got even more troubles.

Entering the pw on console on restart doesn't really solve the security problem. If someone is reading the config files they could theoretical most likely read input sent over network too.

 

* Recent Posts
Com bot module by bitnykk
[November 25, 2024, 05:36:11 pm ]


0.8.x updates for AO by bitnykk
[June 23, 2024, 03:19:47 pm ]


0.8.x updates for AoC by bitnykk
[June 23, 2024, 03:19:44 pm ]


[AoC] special char for items module by bitnykk
[February 09, 2024, 09:41:18 pm ]


BeBot still alive & kicking ! by bitnykk
[December 17, 2023, 12:58:44 am ]

* Who's Online
  • Dot Guests: 310
  • Dot Hidden: 0
  • Dot Users: 0

There aren't any users online.
* Forum Staff
bitnykk admin bitnykk
Administrator
Khalem admin Khalem
Administrator
WeZoN gmod WeZoN
Global Moderator
SimplePortal 2.3.7 © 2008-2024, SimplePortal