Closed himynameisdave closed 8 years ago
Can I pick this up @himynameisdave ?
Yes, what is your plan of action?
I'd like to use https://github.com/buttercup-pw/buttercup-core to encrypt the tokens. We could allow the user to choose a password which they can remember, which will be used to encrypt/decrypt the password in the buttercup archive.
@Jameskmonger yeah I'm cool with that solution :+1:
@Jameskmonger when you open a PR for this, please merge it into the v0.7.0
branch, which is my working branch for all of the 0.7.0 milestone stuff
See if we can lock that
token.json
file down or something, or store it as an env variable and then check it out every time?Very least some kind of
chmod
so an malicious attack would have to sudo at least (?)