RoLink - New Upcoming Discord Bot

Here are the answers to your questions.

  1. Well, I’m going to be honest here: currently the bot is still being made. The dev team I had all backed out due to the size, so I ended up recoding it all so they don’t say it was stolen. Currently the bot does not have as many commands as I hoped to achieve, but by next week I plan on having it out in BETA (with the basic commands for Group Management, Moderation, Fun, etc.).

  2. The features I have planned for the bot will be: Group Management, Moderation, Fun, Custom Commands (categories), which will include around 10+ commands per category.

  3. Right now I am getting some errors for the DB, so I might fix the current system or use the Rover API. But if I wanted, I could convert all the data from Rover into the current DB, so they wouldn’t need to reverify (unless they run the command).

  4. I only plan on using Glitch for another few days. I haven’t had the money to pay for a secure host right now; I get paid on Tuesday, so then I can push it onto there and then push the dashboard to the domain I have bought.

I am currently using Bootstrap with this project; I might change the theme on a later day.

The server owner / group owner will have to provide a cookie to make it function as a group bot, unless I make an account that can support the groups and just make it automatically join the group. The cookie is entered into the DB, where it turns into hashtags in a hidden file I cannot see. I don’t believe there will be any data leak, since I will never hire devs to work on the bot; I will do the work myself. And the data will be hashtagged (I will post a screenshot when I get on PC). I can’t see into the future that a data leak will ever happen, but if it does, the data will be secured and they would have to spend a while trying to get the data.

Data storing: I plan on hiding the data in a hidden file which can be read or written to with my API.

Will it be secure?: It will be secured by the Hashtag API I have made, plus hidden from anyone besides you.

Well, I can’t change the fact that people have their opinions. But you should trust me, since ever since I started Discord bot coding I have had 0 incidents with people on here except the one code stealer. You can trust me with the bot since, why would I even want to steal data? I don’t like people stealing / hacking; it makes me vomit just thinking about it (the actual stealing part). But it’s up to you if you want to trust me with the data (which is hashtagged and secured with custom APIs); it’s your choice to trust me or not.

(Sorry if there are errors, I am typing this on mobile.)

If there are any bugs found, just DM me on here or Discord, and I will make sure to find a patch!

[DOWN] RoLink will be down for a few hours for bug fixes.

Expected Uptime: 14:00-15:00.

Bugs found:

  • LeaveGuild button is bypassable (on the to-do list)
  • DbErrors (failure to fetch / set)
  • People who don’t have a DB Bot won’t reply to them (BEING FIXED)
  • Command errors

Then new commands will be added.

So in other words you’re not encrypting the security information you ask of users?
I am talking about hashing and salting/encrypting.
Without it, it will be posing a security risk.

1 Like

Haven’t had much luck with encryption so far, but hopefully it will come later in the week (once I get my head around it).
But I will keep the forum updated on any more bugs / updates on this topic.

I personally do not think you should be allowing storage of sensitive information if you cannot properly secure this.
I am not against making the bot, I am against the lack of security of this bot.
You have a responsibility when you put this bot up for public use and this bot needs a lot more work…

Although the main purpose of this bot is to add back everything that RoVerify used to have, I’d still encourage against having the group management features unless you somehow manage to obtain OBC on multiple bots on Roblox and privately manage their cookies in a way that you can operate the bot without having to ask for sensitive information from the user.

Always go on the assumption that nothing will ever be safe, because it really never will. There are only so many defenses you can put up, but attackers will always find a loophole to breach the defenses. If you are going to be storing sensitive information such as Roblox information, you will have to be wary of the responsibility that you are taking on yourself.

RoVerify was supposedly safe for users to use, but the data breach on the system that was supposedly safe shut the entire bot down. By allowing yourself to store sensitive cookie information, you sign yourself the contract that this will rebel against you at any time and that everyone’s information that is stored on the system can be usable within 24 hours time for full havoc. Once a leak happens, there is no telling what disaster can come out.

Whether you heed my advice or not is not my concern. If you do continue, I wish the best of luck to you, knowing that you (hopefully) read these words and took them into consideration.

1 Like

It is extremely irresponsible to host a service which requires people to enter in sensitive info if you don’t know/are not capable of handling and securing that information.

Dismissing proper security due to not having “much Luck” shows that you don’t prioritize security. Coming up with schemes such as “Hashtag API” (which is as secure as using a pencil and crossing out something a few times vs shredding a document) to convince yourself and others that it is secure is just another security incident waiting to happen.

All this “service” is going to do is harm the most vulnerable individuals in the community: the newbies. Those who are experienced enough and are running large-asset groups either recognize the major security implications and flaws of this or have the ability to create their own properly-secured service. Those who are at most risk due to not having the security precognition from lack of experience are put at further risk by trusting this service.

I don’t know if you are just ignorant of implications caused by not having proper security, or if you completely understand what can go wrong and just don’t care. I don’t know which is worse. Regardless, I recommend you do the responsible thing and remove any sensitive information of any users until you properly secure your service (and ideally have an experienced individual help you and verify it is secured) before going public.

7 Likes

  • Option 1: Use an OBC Account and an automated joining system.
  • Option 2: Encrypt the data (which is the original plan) and let you guys self host the Roblox account.

0 voters

I have read both of the above comments about the security. I might have found a way to encrypt it, but it will add up to 10 seconds of delay in the setup time. So I’m going to add a poll and let you decide which should be done.

What is your encryption strategy?

I currently do not feel like your method of data saving is trustworthy at all, even if you did manage to encrypt it. This is mostly because I do not trust anyone who is not 1) reputable and 2) knowledgeable in security & encryption to store my secure and sensitive information, and also because you still seem unsure if you know exactly what you’re doing.

I encourage you to stop and research fully into encrypting and figure out the best method of both encrypting data and storing it securely so that you are not a RoVerify V2.

2 Likes

Hey jorito, thanks for the comment. I will continue to look into encryption, how it works / can be used.

Add a feature that gives devforum members a role (Server Owner preferring the role), just like RoVer.

2 Likes

[UPDATE] The bot is now being FULLY recoded from scratch (not the program Scratch). New features can be seen on the Trello:

https://trello.com/b/jRpXtfSp/rolink-discord-bot (will enable comments on the suggestions).

Sounds amazing!
All the features that it provides are very useful in discord groups.
I really like it, probably better than RoVerify!

That’s if it actually gets finished. (With my family company starting back up and other stuff happening, I hope to get this finished by the 25th.)

[UPDATE] We have 2 choices: release RoLink as a verification bot until I sort encryption (so you lot can still use it), or recode it all. Pick the choices.

  • 1: Release as a verification bot (until I get the security stuff out).
  • 2: Wait for V2 release.

0 voters

You still seem extremely unsure how to proceed, you need to get a handle on this otherwise nothing will come of you. Learn how to properly and securely encrypt sensitive data, and then act on it. You have run into this situation 3 times I believe on this thread already about, ‘ok idk if i can do that so maybe this?’.

I would suggest hashing over encrypting as anything encrypted can be decrypted using the proper key while hashing is one way and can’t be “unhashed”. I may be wrong so apologies in advance if I am.

1 Like

Hashing can and will be unhashed. However, developers can “salt” their hashing algorithm with a custom salting pattern to make it nearly impossible to dehash without the salting pattern. You got close though!

2 Likes
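
The hashing-versus-encryption distinction discussed in the posts above, as an added example that is not part of the thread and not RoLink's code: a salted one-way hash only lets a service verify a secret it is shown again, while a cookie the bot must send back to Roblox has to be recoverable, which calls for authenticated encryption with a key kept outside the database. Node.js is assumed because the bot is hosted on Glitch; the function names, guild IDs and cookie value are constructed for illustration.

```javascript
// Added example, not RoLink's code. All names and sample values are constructed.
const crypto = require("crypto");

// One-way: salted scrypt hash. Fits secrets the service only has to VERIFY.
// The salt is random per record and stored next to the digest; it is not a secret.
function hashSecret(secret) {
  const salt = crypto.randomBytes(16);
  const digest = crypto.scryptSync(secret, salt, 32);
  return { salt: salt.toString("hex"), digest: digest.toString("hex") };
}

function verifySecret(secret, record) {
  const digest = crypto.scryptSync(secret, Buffer.from(record.salt, "hex"), 32);
  return crypto.timingSafeEqual(digest, Buffer.from(record.digest, "hex"));
}

// Reversible: AES-256-GCM. Needed when the bot must send the original cookie
// again. The guild ID is bound as associated data so a row copied to another
// guild fails authentication instead of decrypting.
function encryptCookie(key, guildId, cookie) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(guildId, "utf8"));
  const ct = Buffer.concat([cipher.update(cookie, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return { iv: iv.toString("hex"), ct: ct.toString("hex"), tag: tag.toString("hex") };
}

// Returns the cookie, or null if the key, guild ID or stored row is wrong.
function decryptCookie(key, guildId, row) {
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(row.iv, "hex"));
    d.setAAD(Buffer.from(guildId, "utf8"));
    d.setAuthTag(Buffer.from(row.tag, "hex"));
    const pt = Buffer.concat([d.update(Buffer.from(row.ct, "hex")), d.final()]);
    return pt.toString("utf8");
  } catch (err) {
    return null; // authentication failed: treat the row as unusable
  }
}

// Constructed demo. A real key comes from the host's secret store, never the DB.
const demoKey = crypto.randomBytes(32);
const demoRow = encryptCookie(demoKey, "guild-111", "CONSTRUCTED-SAMPLE-COOKIE");
console.log(decryptCookie(demoKey, "guild-111", demoRow)); // CONSTRUCTED-SAMPLE-COOKIE
console.log(decryptCookie(demoKey, "guild-222", demoRow)); // null
console.log(decryptCookie(crypto.randomBytes(32), "guild-111", demoRow)); // null
```

A leaked database row is only as safe as the key, so the key has to live somewhere the database dump does not reach.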

There is a difference between knowing what to use vs how to use it. OP seems, as @LordMerc said, unsure on how to do this. Even with a proper encryption library / function, you can still mess it all up. If you don’t know how to properly utilize encryption, you might as well store it blank text (jk, don’t).

Here’s a post I found in 5 seconds (didn’t read all of it, but after quickly checking it, I think it shows my point): https://www.crypteron.com/blog/the-real-problem-with-encryption/

Tl;Dr: You’re doing it wrong!

1 Like