ohld / igbot

🐙 Free scripts, bots and Python API wrapper. Get free followers with our auto like, auto follow and other scripts!
https://hikerapi.com/p/N2P6iqiM
Apache License 2.0
4.69k stars, 1.47k forks

`secret.txt` remains in the same directory after any script is performed #6

Closed ivanychev closed 7 years ago

ivanychev commented 7 years ago

Frankly speaking, it's too insecure not to delete the file with the login/password after finishing a session.

ohld commented 7 years ago

I'll delete the secret.txt file after logout.

DrCherry commented 7 years ago

If the secret.txt is necessary, can we hash it so it's more harmless?

ohld commented 7 years ago

We need a raw username and password to log in to the app. But I think there is a way to save the session and use it instead of logging in again every time we restart the script.

penarubah commented 7 years ago

By the way, for multiple accounts, secret.txt as it is now is more convenient. So, if we want to use multiple accounts, we just make another folder with the remaining scripts. But yes, it feels insecure.

ivanychev commented 7 years ago

Saving the session is not safer because it can be stolen. In the end we need either to ask the user for a password (the Instagram password, or the one to decrypt the encrypted session in some way) or just save it in secret.txt.

I suppose that we need to add some kind of key argument, for example

```
python instabot script.py
```

will ask for credentials and won't store them, and

```
python instabot -s script.py
```

will save the session in some way.

That makes the module safer by default.
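The prompt-by-default, opt-in-to-save behaviour proposed in the comment above, as an added example that is not part of the thread and not the project's own code. It assumes a POSIX system, a constructed two-line `username`/`password` layout for `secret.txt`, and hypothetical function names; the saved file is still plaintext, protected only by owner-only permissions.

```python
import argparse
import getpass
import os
import stat

def parse_args(argv=None):
    # Hypothetical CLI mirroring the proposal: no flag = prompt only, -s = opt in to saving.
    p = argparse.ArgumentParser(prog="instabot")
    p.add_argument("-s", "--save", action="store_true",
                   help="store credentials on disk (off by default)")
    p.add_argument("script")
    return p.parse_args(argv)

def write_private(path, username, password):
    # Create the file owner-only from the start so it is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{username}\n{password}\n")
    os.chmod(path, 0o600)  # tighten a file that already existed with a wider mode

def read_private(path):
    # Refuse a credentials file that group or other users can access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {mode:o}; expected 600")
    with open(path) as f:
        username, password = f.read().splitlines()[:2]
    return username, password

def get_credentials(path, save, ask_user=input, ask_pass=getpass.getpass):
    # Only the -s path ever reads or writes the disk.
    if save and os.path.exists(path):
        return read_private(path)
    username, password = ask_user("Username: "), ask_pass("Password: ")
    if save:
        write_private(path, username, password)
    return username, password

if __name__ == "__main__":
    args = parse_args()
    user, _pw = get_credentials("secret.txt", args.save)
    print(f"would run {args.script} as {user}")
```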

ivanychev commented 7 years ago

Another thought is to use some unique static identifier (CPU model, MAC address or stuff like that) of a machine that runs the module as an encryption/decryption key. It's not the best but clearly better than plaintext.

ohld commented 7 years ago

already fixed