Well, I was thinking that even if I encrypt the password and store it into the database such as using crypto, this only prevents
- plain text view
- that’s it
I can go on to set a password for the database or encrypt the database as well
Anyone who gets hold of the database file can still easily decrypt the database and the passwords.
However, I guess if an abuser really wanted to get hold of the auth token, they would probably get it?
Also, I am speaking in terms of JavaScript and I have found that there is no easy way to protect the source code. In a scenario where I were to distribute my application to many users, and an attacker wanted to get all the auth tokens of these users, they would simply have to look at my source code and how to decrypt everything. Then, create a malicious program to decrypt a user’s information. Of course, the attacker would have to find a way to get this malicious program onto the user’s system. So perhaps the issue lies within JavaScript itself? Sorry, perhaps this is way too crazy. I am just preparing for the worst-case scenario LOL
EDIT: I mean electron, not JavaScript. Since I am reading that nw.js does protect js source code.