Kiv / poclbm

PyOpenCL bitcoin miner with a GUI frontend
GNU General Public License v3.0

Passwords saved in clear text #90

Open dmaddox099 opened 11 years ago

dmaddox099 commented 11 years ago

This software saves passwords in clear text, both when settings are saved, and in its log file. Clearly this is a major security risk. Can you at least provide an option to not save or log passwords?

Kiv commented 11 years ago

Good practice is to use a distinct password for each miner, and regularly deposit mined coins to a secure wallet. With this policy, obfuscating the miner password from other users on the local machine is not security critical.

I would review a pull request to add this option, but it's not a priority for me at this time.

dmaddox099 commented 11 years ago

Well, it's not just an issue of "obfuscating the miner password from other users on the local machine"... Any machine that is mining is obviously connected to a network, and there is known malware that explicitly looks for wallet files, etc. It won't be long before there will be one that explicitly looks at your currently un-securable log files and configuration files.

I would be happy if I could just make an empty log file read-only, so nothing gets logged, but the program will not start at all if it can't write to the log file.
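One way to provide the option requested in this thread, as an added Python example that is not poclbm's own code: a `logging.Filter` that masks the password in pool strings before any handler writes the record, plus a helper that splits the password out of a server string so the settings file can be saved without it and the password re-entered at startup. The `user:password@host:port` server form and the `password=` / `pass=` key names are assumptions about the formats, not taken from the project.

```python
import io
import logging
import re

# Assumed formats (not taken from poclbm's source): a pool string written as
# [scheme://]user:password@host:port, and "password=..." or "pass=..." pairs
# as they might appear in a settings line or a debug message.
_URL_CRED = re.compile(
    r'(?P<scheme>[a-z][a-z0-9+.-]*://)?'
    r'(?P<user>[^\s:/@]+):(?P<pw>[^\s@]+)@(?P<host>\S+)'
)
_KV_CRED = re.compile(r'\b(pass(?:word)?\s*=\s*)(\S+)', re.IGNORECASE)


def redact(text: str) -> str:
    """Replace password material in a line with a fixed marker, keeping
    everything else (user, host, port) intact so the log stays useful."""
    text = _URL_CRED.sub(
        lambda m: f"{m.group('scheme') or ''}{m.group('user')}:***@{m.group('host')}",
        text,
    )
    text = _KV_CRED.sub(lambda m: f"{m.group(1)}***", text)
    return text


class RedactPasswords(logging.Filter):
    """Rewrite the formatted message before any handler writes it.

    getMessage() applies record.args to record.msg, so after replacing msg
    with the redacted string the args must be cleared to avoid re-formatting.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def capture_logs(messages) -> str:
    """Log each message through a handler carrying the filter; return what
    the handler wrote (a StringIO stands in for the miner's log file)."""
    buf = io.StringIO()
    logger = logging.getLogger("poclbm-redaction-demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(RedactPasswords())
    logger.addHandler(handler)
    for m in messages:
        logger.info(m)
    handler.flush()
    return buf.getvalue()


def split_password(server: str):
    """Split an assumed user:password@host:port string into the part that is
    safe to write to a settings file and the password that is not.
    Returns (server_without_password, password_or_None)."""
    m = _URL_CRED.fullmatch(server)
    if not m:
        return server, None
    safe = f"{m.group('scheme') or ''}{m.group('user')}@{m.group('host')}"
    return safe, m.group('pw')


if __name__ == "__main__":
    # Constructed sample data; not a real pool or credential.
    server = "worker1:hunter2@pool.example.com:8332"
    print(capture_logs([f"connecting to {server}", "password=hunter2 reconnect=1"]))
    print(split_password(server))
```

The filter is attached to the handler rather than the logger so that it also catches records that reach the file handler from child loggers; anything that should never be written at all (the password itself) is kept out of the settings file by `split_password` instead of being masked there, since a masked value would not be usable when the settings are reloaded.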