Closed Xunius closed 6 years ago
Adding support for dynamically getting the password has been on my todo list for a while. I'd like to be able to eventually add a config line in the file similar to:
[sncli]
cfg_sn_password_eval = gpg -d password.gpg
However, really in practice, if you don't trust your computer to store a password in plain text in your home folder, why would you trust it when you input your gpg key password, or trust it to secure the password in memory... I'm somewhat unsure of the type of attack this would actually guard against in practice.
By the way, security related, it also seems that sncli logs all the network requests, which includes your api token. Just a heads up.
Well, I think there is never any ultimate solution when security is concerned, you just stack layers of security measures to filter out (relatively) easy attacks. I'm no expert in these, that's why I'm asking for help.
I did some simple modifications of the config.py file, basically I copied the authentification() function from the simplenote.py file into config.py, and added a while loop asking the user to input the password for the account user, which is read from .snclirc. The loop calls the authentification() function to check the validity of the password, and keeps on prompting for the password as long as it is wrong. Should maybe add a 3-time fail limit to it, but it's just my own dirty hack.
@Xunius I added this feature in commit https://github.com/insanum/sncli/commit/77d8568fb8faf4fd8d0d7edb50268df0ffda59d5 - please check it out and let me know if it fixes this issue. :smiley:
What a quick update!
I tried it, the 1st time I forgot to change the encrypted password file so the password was wrong, and sncli hangs without showing the message of "check the credential" or something. After re-generating the .gpg file, it works great.
Great!
sncli should display the check credentials message... perhaps the network was slow for a while or something (it worked fine when I tested it with an eval command with the wrong password). The only time it might hang without a message could be if the eval command was slow.
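A sketch of how a cfg_sn_password_eval setting like the one discussed in this thread can be resolved with a timeout, so a slow or failing command produces an error instead of a silent hang. This is an added example, not sncli's code or the linked commit; resolve_password, PasswordEvalError and the plain-text cfg_sn_password fallback key are assumptions.

```python
import configparser
import shlex
import subprocess


class PasswordEvalError(Exception):
    """The eval command failed, timed out, or printed nothing."""


def resolve_password(cfg_text, timeout=10.0):
    """Return the configured password, or None so the caller can prompt."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    section = parser["sncli"] if parser.has_section("sncli") else {}

    command = section.get("cfg_sn_password_eval")
    if not command:
        # cfg_sn_password is the assumed plain-text key.
        return section.get("cfg_sn_password")

    try:
        # Split into argv and run without a shell, so metacharacters in the
        # config value are passed as arguments rather than interpreted.
        done = subprocess.run(shlex.split(command), stdout=subprocess.PIPE,
                              timeout=timeout, check=True)
    except subprocess.TimeoutExpired:
        # "from None": report only our message, not the chained subprocess error.
        raise PasswordEvalError("password command timed out") from None
    except subprocess.CalledProcessError as exc:
        raise PasswordEvalError(
            f"password command exited with status {exc.returncode}") from None
    except (OSError, ValueError):
        raise PasswordEvalError("password command could not be run") from None

    # Drop only the trailing newline; other whitespace may be significant.
    password = done.stdout.decode("utf-8", errors="replace").rstrip("\r\n")
    if not password:
        raise PasswordEvalError("password command printed nothing")
    return password


if __name__ == "__main__":
    import sys
    # Constructed config: a stand-in command replaces "gpg -d password.gpg".
    sample = ("[sncli]\ncfg_sn_password_eval = "
              f"{shlex.quote(sys.executable)} -c \"print('demo')\"\n")
    print(len(resolve_password(sample)), "characters read")
```

A None return is where a caller would fall back to an interactive prompt, as suggested in the original report.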
Hi,
Thanks for creating this great little tool.
I'm trying to figure out a way to encrypt the password info in the .snclirc file. I had some experience in encrypting the password for the mutt config, so I tried doing the same by first creating a file containing:
Then encrypt it using gpg, giving an encrypted file password.gpg.
Then in ~/.snclirc, I put
Running sncli gives this error:
I guess the python configparser is not recognizing the source command.
I got around this by creating an alias:
I guess aliasing is not recursive in bash so it seems to be working. But this prevents me from adding other configs in .snclirc because using >> instead of >, I will get a duplicate error.
What do you think will be my best way out? Maybe add a prompt if the password is not given in the config file?
Thanks