hey duddies! just a question. why do we can't use a password for launching HB? because it's not hard to steal your code. you just need to get into the HB file and steal the GlobalSettings.xml and there you could see the code in raw text. I remember that you could use a password back in the days, but why is it removed? and just looking into the "GlobalSettings.xml" file I see that there is a code saying <Password></Password> it would be weird when the password is safe there.
Hi, Madcow344, Nice find. I was under the impression that the key was hashed. I don't know if something changed, or its always been that way. In either case, we've opened HB-753 ("User's "Key" should be hashed/encrypted in GlobalSettings.xml") against the issue. We'll have to see what the senior staff has to say about the issue. cheers, chinajade
Just a follow up... HB-753 ("User's "Key" should be hashed/encrypted in GlobalSettings.xml") has been marked as resolved, so it should be available in the next Honorbuddy (post-.732) release. cheers, chinajade
Because getting hold of that information would be very simple for someone with malicious intent - and getting into the computer first would be simple to do. (Purposely not saying how because while the fix for this issue is not yet released, the "attack" is still possible)
I get many poeple asking me for there help. I just need to tell something to give me there settings volder and taaadaaa! it's not that hard to do! but I'm glad there will be an password support in the next version EDIT:: I hope there would be a good enough security when I replace me own settings to me "victims" setting that this would not work
