Open lopezjurip opened 7 years ago
Maybe an option so the user can choose whether to save it or not If it is saved, we should have a more secure way of doing so Using machine keychain? Maybe encrypting it?
I tried to use a keychain. The password can be retrieved by any instance of the binary that created it. Unfortunately, in this case that binary is node, so any program running over it would be able to get the password.
Also, I don't think that encryption is practical, as you'll need a secret to encrypt (another password).
So, for now I see these options:
Currently the cli saves the password to
~/.sincding/data.json
in plain text. I would recommend to ask for it every time it is needed.