Hello bschollnick2,
The issue with the DeviceID error is fixed with 1.52...
Thanks.
MrJeffreyGee wrote:bschollnick2 wrote:Version 1.52 of Find My iDevices! is being released.
https://dl.dropbox.com/u/241415/Find%20 ... 0v1.52.zip
Changes since v1.51:
* Addressed an issue with the Sanity checking of iDevices with Apple's server.
I'm having trouble installing 1.52 of Find My iDevices. When I double click on the file that's in the "Add to Plugin Directory" it causes Indigo to stop all my plugins and it seems to shut down the server. Then a window pops up and asks me to select my database cause it can't find it or it's corrupted. I select my database and everything boots up as normal, but there doesn't seem to be any changes and it still says Find My iDevices is version 1.51. I also tried manually copying the file to the plugins folder and restarted the server, but no change on version number.
For the folder in the "Add to IWS Plugin Directory" I copied it without any issues, not sure if this will cause problems cause it's running a 1.51 plugin with a 1.52 folder.
bschollnick2 wrote:I'll rebuild v1.52 again tonight. For some reason, it appears that the IndigoBundle has been damaged. (It shouldn't be a folder...)
The updated archive is here.... It looks fine on my Lion system, but under Mt. Lion, it didn't... Strange...
https://dl.dropbox.com/u/241415/Find%20 ... 0v1.52.zip
- Benjamin
MrJeffreyGee wrote:bschollnick2 wrote:I'll rebuild v1.52 again tonight. For some reason, it appears that the IndigoBundle has been damaged. (It shouldn't be a folder...)
The updated archive is here.... It looks fine on my Lion system, but under Mt. Lion, it didn't... Strange...
https://dl.dropbox.com/u/241415/Find%20 ... 0v1.52.zip
- Benjamin
I download this link above that I quoted and it works, but when I double clicked on it it said "Install and Enable Find My iDevice 1.51". Is that a typo? Looking in the setting it still says 1.51 too.
MrJeffreyGee wrote:Is there a setting or something to hide our passwords or make it appear as asterisks in the Event Log & Device Settings? This seems like a potentially serious security issue, which could result in our Macs, iPhones, iPads, & iPod Touches being remotely wiped. Our Apple IDs are linked to credit cards on iTunes as well.
jay (support) wrote:I should point out that the plugin is completely in control of what gets posted into the Event Log so if it's being inserted there the developer can just NOT put it there.
The developer can do it themselves of course - when the plugin gets the config dialog when the user clicks the save button, they could encrypt the password themselves and store the encrypted version rather than the unencrypted version. So it wouldn't be stored in the clear and when the dialog is opened for editing they could just not show it or show whatever they want. So really the only time the password would show up is when the user types it into the text field and before they click the save button.
bschollnick2 wrote:My real concern is that Indigo needs to have a better password widget, then just using a plain text field.
matt (support) wrote:Our point is it isn't just a matter of making the UI widget show •••• instead of the actual password, since that doesn't encrypt the password itself. Given our ToDo list, we won't be able to implement this anytime in the near future (our ToDo list of high-priority items is very long at the moment). So I'm not saying this is needed or important, just saying it isn't going to be in Indigo in the short term.
Your plugin can probably handle this by accessing the OS X keychain for storing the password. Take a look at this as an example.
As a side note on terminology, when we refer to hash, we mean a 1-way hash function that can be used to validate if a manually user-entered password matches but cannot be used to retrieve the original password. What plugins need is 2-way encryption and decryption technique, most likely by access to the Keychain API.
bschollnick2 wrote:The only time the username / password is placed into the log, is if Debugging is turned on for Find My iDevice. And it's configured to do that, so that the owner can see if there is an typo....
bschollnick2 wrote:Any changes made in the Device Records, are recording in either the preference file or Device database, right? So since the username / password data is a separate device, your suggesting that I don't store the username / password data in there.
def closedPrefsConfigUi(self, valuesDict, userCancelled):
def closedDeviceConfigUi(self, valuesDict, userCancelled, typeId, devId):
bschollnick2 wrote:Well, then it means the user has to modify the username / password via going directly into the Keychain utility to modify the username / password....
bschollnick2 wrote:I don't disagree that this is a security concern. But what's the changes of someone harvesting this information from Indigo?
bschollnick2 wrote:Using the keychain to store the information is a possibility, but I don't have a UI that interfaces with the keychain. And I don't see a reasonable way to create one in Indigo, since the data that I need to secure will be written to the database or preference file(s).
bschollnick2 wrote:I encourage you to show us a proof of concept.
bschollnick2 wrote:There are other plugin authors dealing with this same issue as well, all of us would benefit from it.
bschollnick2 wrote:And saying that the Developer needs to solve this seems like your pointing fingers, especially when the tools aren't here for us to solve this in a useful manner.
Users browsing this forum: No registered users and 1 guest