It is extremely irresponsible to host a service which requires people to enter in sensitive info if you don’t know/are not capable of handling and securing that information.
Dismissing proper security due to not having “much Luck” shows that you don’t prioritize security. Coming up with schemes such as “Hashtag API” (which is as secure as using a pencil and crossing out something a few times vs shredding a document) to convince yourself and others that it is secure is just another security incident waiting to happen.
All this “service” is going to due is harm the most vulnerable individuals in the community: the newbies. Those who are experienced enough and are running large-asset groups either recognize the major security implications and flaws of this or have the ability to create their own properly-secured service. Those who are at most risk due to not having the security precognition from lack of experience are put at further risk by trusting this service.
I don’t know if you are just ignorant of implications caused by not having proper security; or if you completely understand what can go wrong and just don’t care. I don’t know which is worse. Irregardless, I recommend you do the responsible thing and remove and sensitive information of any users until you properly secure your service (and ideally have an experienced individual help you and verify it is secured) before going public.
Option 1: Use an OBC Account and an automated joining system.
Option 2: Encrypt the data (which is the original plan) and let you guys self host the Roblox account.
0voters
I have read both of above comments about the Security, I might of found a way to encrypt it, But it will add up to 10 seconds delay in the setup time. So Ima add a poll and let you decide which should be done.
I currently do not feel like your method of data saving is trustworthy at all, even if you did manage to encrypt it. This is mostly because I do not trust anyone who is not 1) reputable and 2) knowledgeable in security & encryption to store my secure and sensitive information, and also because you still seem unsure if you know exactly what you’re doing.
I encourage you to stop and research fully into encrypting and figure out the best method of both encrypting data and storing it securely so that you are not a RoVerify V2.
[UPDATE] We have 2 Choices Release RoLink as a Verification bot Until i sort Encryption (so you lot can still use it)or recode it all, pick the choices
1: Release as a Verification Bot (Until I get the Security Stuff out).
You still seem extremely unsure how to proceed, you need to get a handle on this otherwise nothing will come of you. Learn how to properly and securely encrypt sensitive data, and then act on it. You have run into this situation 3 times I believe on this thread already about, ‘ok idk if i can do that so maybe this?’.
I would suggest hashing over encrypting as anything encrypted can be decrypted using the proper key while hashing is one way and can’t be “unhashed”. I may be wrong so apologies in advance if I am.
Hashing can and will be unhashed. However, developers can “salt” their hashing algorithm with a custom salting pattern to make it nearly impossible to dehash without the salting pattern. You got close though!
There is a difference between knowing what to use vs how to use it. OP seems, as @LordMerc said, unsure on how to do this. Even with a proper encryption library / function, you can still mess it all up. If you don’t know how to properly utilize encryption, you might as well store it blank text (jk, don’t).
10 Long Days later. Encryption is finally coming along.
Fixed the DB Errors, Turned out the DB was not returning data.
Added Advanced Error Logging to quickly fix the Errors!
If you need support you can now run support and a Support Agent will try and get to you. (The Support Staff will join your server with a Invite provided via the Bot.
Bot is now Fully working, Enjoy the Bots
NOTE: Encryption is now being added within a day or two.