Closed snshn closed 2 years ago
This would likely over-complicate the code, make the concept of the program harder to understand, and prevent liquid app config files from being portable. Portable but password-protected is better than non-portable and non-password-protected, but with automatically encrypted cookies.
Currently cookies are stored as-is, and it's not secure at all, especially in case if somebody finds the user's backup of Liquid App config files (.ini). Both localStorage and cookies can be encrypted using asymmetric or some other type of encryption. Here's a quick rundown:
This will prevent sessions from traveling along with Liquid App config/data (.ini) files, but at the same time minimize chance of accidentally leaking them. Leaking either config.conf or any of the app configs won't pose a danger, unless both are leaked at the same time. Could be an optional feature, for the user to choose to either protect their cookies or not (on per-app basis).