I'm putting together a proof-of-concept plugin to obscure .INI directives. Question: Which directives does it make sense to hide? So far I have FirewallPassword, JabberPassword, MailPassword, and ProxyPassword.
MailPort?All "Mail...": MailAddress, MailUser, MailServer;
At this point I'm only obscuring directives in the .INI file. I don't have any good ideas for handling the FTP.CFG file. (Keep it on a RAMdrive; unzip or decrypt it in TCSTART if it doesn't exist?)also FTPCFG (though it would be better if that file itself could be encrypted on "home" systems).
Hardcoded at this point. I could probably work up some kind of configuration ability if there's a real demand, but right now I'm just trying to make the beast work!I'm guessing your first version will have a hardcoded list of directives to hide. Will it at some point be user-configurable?
For example, (now) I don't care about ProxyPassword and therefore I'd rather not have it obscured, in order to minimize the number of obscured directived.
I'm not going to support INCLUDEd files -- way too much code and work for way too few users. (Is that capability even documented anymore?) ASCII vs. Unicode shouldn't be an issue, as passwords are stored as plain old ASCII. And "obfuscand" is definitely my neologism for the month!I do not think MailPort is an obfuscand. Likewise, any directive which is not defined, or whose value is an empty string, could be skipped. But how would your obfuscator work with editors? Some directives are not handled by the OPTION dialogs, and must be entered using an editor. Other tricky issues: encoding (ASCII vs. Unicode) of %_ININAME; obfuscands in included .INI files (i.e., files used by the INCLUDE directive)?