Closed jrelvas-ipc closed 3 months ago
Concerning that this wasn't thought of sooner. Hopefully will be fixed.
I will note that Roblox stores it on Android in the open, and a compromised program would have access to far more than just a .ROBLOSECURITY, but we are considering storing it with libsecret soon.
/data/data/com.roblox.client/app_webview/Default/Cookies
Okay, it's in the pipeline.
Beware of the Sober pipeline...
lunar has tried to write a libsecret backend just because of the thumbs up count, but i am going to be entirely honest this is a non-issue.
the same thing is done by firefox. anyone using firefox can feel free to open the cookies.sqlite database found in their firefox profile. not to mention roblosecurity doesn't work at all in a different IP afaik, and if a breach has full access to your desktop to a point they can utilize it inside your pc you should be concerned about other things rather than the bobux in your account.
I'll also add that the libsecret backend I wrote does work on GNOME, but seems to behave incorrectly on KDE systems. For this reason, I propose that this feature be employed as a flag optional feature; it'll be there for people who want it, and disabled for those who don't care.
> not to mention roblosecurity doesn't work at all in a different IP afaik
There's an experimental region lock, but iirc you just need to be in the same country (or in a roughly similar location) - it's definitely not locked to a single IP, otherwise Roblox mobile users would be logged out constantly.
> I'll also add that the libsecret backend I wrote does work on GNOME, but seems to behave incorrectly on KDE systems. For this reason, I propose that this feature be employed as a flag optional feature; it'll be there for people who want it, and disabled for those who don't care.
Sounds reasonable. You could always consider turning it on by default later on, once it's stable in KDE too.
Stand by, working on a potential fix right now.
@jrelvas-ipc Okay, the libsecret feature will be available soon. It will be enabled with the env variable LIBSECRET=1. Please note that it's wonky on KDE but should be fine on GNOME. Sober will fall back to the current setup we have if libsecret fails or the feature isn't available.
Cookies are currently stored in plain text at .var/app/org.vinegarhq.Sober/data/sober/cookies. This is potentially dangerous - if a program isn't sandboxed, it's capable of trivially reading this file without any issue and grabbing the user's .ROBLOSECURITY cookie, compromising their account. Consider storing the cookies more securely, such as with the help of the keyring.
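
The opt-in and fallback behaviour described in this thread (keyring storage only when LIBSECRET=1, otherwise or on failure the cookie file), as an added example that is not Sober's code. It assumes libsecret's `secret-tool` CLI as the keyring interface; the attribute names, label and function names are constructed for illustration.

```python
import os
import shutil
import subprocess
import tempfile

# Constructed lookup attributes and label (assumptions, not taken from Sober).
ATTRS = ["application", "example-client", "item", "session-cookies"]
LABEL = "Example client session cookies"

def save_to_keyring(secret: str, tool: str = "secret-tool") -> bool:
    """Store the secret through libsecret's secret-tool; False on any failure."""
    exe = shutil.which(tool)
    if exe is None:
        return False
    try:
        proc = subprocess.run(
            [exe, "store", f"--label={LABEL}", *ATTRS],
            input=secret.encode(), timeout=10,  # secret goes via stdin, not argv
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return proc.returncode == 0

def save_to_file(secret: str, path: str) -> None:
    """Fallback: plain-text file, created with mode 0600 and replaced atomically."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file as 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def save_cookies(secret: str, path: str, env=None, tool: str = "secret-tool") -> str:
    """Return the backend that ended up holding the secret: 'keyring' or 'file'."""
    env = os.environ if env is None else env
    if env.get("LIBSECRET") == "1" and save_to_keyring(secret, tool):
        # Do not leave an older plain-text copy behind once the keyring has it.
        if os.path.exists(path):
            os.remove(path)
        return "keyring"
    save_to_file(secret, path)
    return "file"
```

The 0600 fallback only keeps other users out; a program running as the same user outside the sandbox can still read the file, which is the case the issue describes.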