StrokesPlus.net
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
beholder  
#1 Posted : Saturday, August 17, 2019 5:20:13 PM(UTC)
beholder

Rank: Advanced Member

Reputation:

Groups: Approved
Joined: 8/9/2019(UTC)
Posts: 86
Slovakia

Thanks: 6 times
Comodo says whenever S+ is being executed that it tries to connect to 173.248.132.35. Is there any reason for this connection?
The update check option is off in the configuration and it still tries to connect.
Rob  
#2 Posted : Saturday, August 17, 2019 9:33:36 PM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 536
United States

Thanks: 5 times
Was thanked: 113 time(s) in 100 post(s)
That's the IP of the StrokesPlus web server.

The only reason it should try to connect is if:

- You have update checks enabled
- You selected Login from the Tray icon, to synchronize settings
- Upon start, it authenticates the encrypted credentials

There's no other code which accesses the internet except when you open the Synchronize Settings window, or when you save your settings (which uploads the encrypted config for later retrieval by you)
beholder  
#3 Posted : Monday, August 19, 2019 7:29:09 PM(UTC)
beholder

Rank: Advanced Member

Reputation:

Groups: Approved
Joined: 8/9/2019(UTC)
Posts: 86
Slovakia

Thanks: 6 times
Originally Posted by: Rob Go to Quoted Post
- Upon start, it authenticates the encrypted credentials

I suppose it could be this.. Is there any way to disable the connection to outside server / credentials check, apart from blocking it with my firewall? I am not paranoid, just thorough.
Rob  
#4 Posted : Monday, August 19, 2019 8:20:11 PM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 536
United States

Thanks: 5 times
Was thanked: 113 time(s) in 100 post(s)
If you don't want it to connect, then don't login =)

It's kind of a requirement that logging in results in connecting to the server, that includes verifying authentication.

If you disable Update Check and Logout from the tray icon, it should not attempt to communicate with anything.

If it does, let me know and I will research. I do appreciate people wanting privacy and will make sure that it does not do so.
Rob  
#5 Posted : Monday, August 19, 2019 8:56:47 PM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 536
United States

Thanks: 5 times
Was thanked: 113 time(s) in 100 post(s)
You can find the details of what happens during these connections in the FAQ: https://www.strokesplus.net/FAQ

But of course, I'm aware that it means you're trusting what I say. Which I completely understand, but if you do the above, it will not communicate with my server and that can be verified using external tools.

I can say that any connection to my server is over SSL, and that forum passwords are hashed (as in, I have no idea idea what anyone's forum password is) and that the configs uploaded during these transmissions (when logged in) are encrypted.

However, in the case of configs, while I don't want to give any details, they technically could be decrypted by me or anyone who gained access to the S+ source code.
Not that I would do so, but just to be transparent about what's happening behind the scenes.

I don't recommend using the sync settings feature if you have sensitive data stored inside your S+ config...but then if you actually did, I would question your sense of being secure :)

Edit: The reason for this is that since I don't know what your forum password is, I can't reliably encrypt/decrypt them, so I have my own scheme using a combination of variables. If you uploaded one a year ago and have since changed your password, decrypting the downloaded config wouldn't be possible without the password from that point in time.

Edited by user Monday, August 19, 2019 9:29:10 PM(UTC)  | Reason: Not specified

Rob  
#6 Posted : Monday, August 19, 2019 9:17:40 PM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 536
United States

Thanks: 5 times
Was thanked: 113 time(s) in 100 post(s)
And since we're on the topic of security, I do want to point out that the Options > Advanced > External Script could be used to store sensitive information that could be retrieved by scripts without them being part of the config sync'd to my server, e.g. a function like getPassword() in the external script that you call from your actions. In that external file, you could manage security however you want.

Also, plug-ins are VERY easy to make and could also be used to secure sensitive information which can be called from scripts without exposing them to my server during settings sync.
beholder  
#7 Posted : Tuesday, August 20, 2019 5:18:05 AM(UTC)
beholder

Rank: Advanced Member

Reputation:

Groups: Approved
Joined: 8/9/2019(UTC)
Posts: 86
Slovakia

Thanks: 6 times
Yeah, this was probably my fault. I have replaced config many times and then didn't realize that the checkbox in administration is DISABLE update check, not ENABLE. When I clicked it, it stopped connecting.

I have never used the login feature but it's really neat, I never knew about it. You should have a section on your site for previous users of StrokesPlus and StrokeIt (I am both) where you introduce them to new feature like this. Something like the FAQ but for advanced users.
Rob  
#8 Posted : Tuesday, August 20, 2019 7:32:04 AM(UTC)
Rob

Rank: Administration

Reputation:

Groups: Translators, Members, Administrators
Joined: 1/11/2018(UTC)
Posts: 536
United States

Thanks: 5 times
Was thanked: 113 time(s) in 100 post(s)
Yeah, it's one of those things I slowly work on (documentation).

I'm just glad to have a basic website and some help docs :)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.