You clearly don’t know anything then, I’ve worked 6+ years offsite and half of them sat beside my uncle (App developer for Food franchises such as Mcdonalds, KFC and many more). Let me make a example of this,
> App stores users payment info into a UNENCPYPTED DATABASE
> Hacker steals data with ease
> The company now has lost alot of money and a lawsuit on their hands.
That is basically what you are doing right now
You should be doing something like this
> User runs command
> The Cookie gets encrytped / hashed and then saved to the database
> Some functions here for the bot
> Decrypt the cookie (When you want to use it)
> Run what ever function you need to .
So you’re waiting until you reach 100 user to do it?
If your bot gets leaked those 100 users are done as sensitive data is leaked.
Do not wait until it’s too late, you should get started securing your system now than later.
From experience, I don’t think your system is ready. Your system is flawed and can be easily backdoored. If you want your clients to be mad at you when their data is leaked that will damage your service reputation as a whole.
You shouldn’t open your service when you have a flawed database.
For now, I suggest you to remove your bot from glitch and host it on a different VPS Service that’s secured.
To be very honest, it seems like your system WAS based on open-source code that everyone can make themselves, and you’re charging them for the same thing that could’ve been free. I suggest there should be more features added. Hosting on Glitch is not very reliable to host. Many leaks have been occuring within Glitch. There is an ongoing discussion with other developers about the situation at Glitch. Your customer’s accounts are currently at risk. All those commands could also been open-sourced via MULTIPLE open-sourced discord.js bots via GitHub, or even Plexi’s “SourceCode” repository filled with community-contributions of commands.
Please try to toughen up security, and not have information that you don’t want anyone to see, readable. You’re technically breaking TOS, because you’re storing people cookies, which is NOT allowed anywhere.
So me and federal have chosen to make one account be in all of their groups unless they buy a custom bot in which that is way more secure and it is hosted on Federal’s personal PC. It is his second PC so he is always leaving it on.
The account that is linked to all the group has the cookie that is majorly encrypted.
You do understand that noblox.js is the way to link your bot to Roblox, also it isn’t already scripted for you as you need to script the events that happen and make the promotion effect.
For others to use the bot, and use features like ranking, (promotion, demotion) shouting, exiling, etc; they need the persons cookie for their account. Due to reCAPTCHA, you cannot just use username and password, like old methods did.
Therefore, running it out of VSC won’t really work because you need a database to store the cookies.