
Encrypt login credentials in config files

Open einsteinsci opened this issue 10 years ago • 3 comments

First of all, I'm no security expert.

It seems that storing Steam user passwords in plain text is very insecure, especially when the password is stored with all the other bot configuration settings. If someone has access to the file, they have access to your bot's account, and all that's left to protect your bot's account is a SteamGuard code. From what I've researched, browsers encrypt passwords they store on the hard drive. Chrome uses a Windows API that encrypts with the Windows user's password, Firefox splits the data between a JSON file and a binary file, and IE splits them across multiple binary files.

I'm quite certain there are plenty of encryption methods that exist for C# that will allow you to encrypt your passwords when storing them. Storing in plain text just seems too insecure.

einsteinsci, Oct 22 '15 04:10

Encryption would only be marginally more secure, since if they have access to your files, they have access to any encryption keys as well. That makes it hard to justify the effort.

That said, if you'd like to submit a PR that encrypts the password without significantly increasing configuration complexity, feel free.

BlueRaja, Oct 22 '15 04:10

This would add security in that if you store your bot code/credentials in a repository and then store the encryption key on the machine but NOT in the repository, they would have to hack into the hosting machine to get your credentials. Whereas now, they can hack into either the repository or the machine.

geel9, Dec 04 '15 22:12

@geel9 The same can be said about config files in general. We have all our authentication / config files in gitignore; everyone can have their own credentials.

You will get the same result (users would have to hack into the server).

peterwilli, Dec 14 '15 16:12
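The Windows API mentioned in the opening post is DPAPI, which C# exposes as `ProtectedData`. The sketch below is an added example, not SteamBot code and not part of any comment above: it shows a password protected that way so that no key file sits next to the config. The `dpapi:` prefix, the entropy label, the class names and the sample password are assumptions made for illustration.

```csharp
// Added example, not SteamBot code. Windows only: DPAPI via ProtectedData
// (System.Security assembly on .NET Framework, or the
// System.Security.Cryptography.ProtectedData package on newer .NET).
using System;
using System.Security.Cryptography;
using System.Text;

static class ConfigSecret
{
    // Hypothetical prefix marking a protected value in the config file.
    const string Prefix = "dpapi:";

    // Constructed label mixed into the blob; it separates uses, it is not a secret key.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-bot-config-v1");

    // Encrypts with a key Windows derives from the current user's logon credentials.
    public static string Protect(string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length); // drop the plain-text copy we created
        return Prefix + Convert.ToBase64String(blob);
    }

    // Values without the prefix are returned as-is so existing plain-text configs still load.
    public static string Unprotect(string stored)
    {
        if (!stored.StartsWith(Prefix, StringComparison.Ordinal))
            return stored;
        byte[] blob = Convert.FromBase64String(stored.Substring(Prefix.Length));
        // Throws CryptographicException if the blob was altered or is opened
        // under a different Windows user profile.
        byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(plain);
    }
}

static class Demo
{
    static void Main()
    {
        string stored = ConfigSecret.Protect("constructed-sample-password");
        Console.WriteLine(stored); // the value that would be written to the config file
        Console.WriteLine(ConfigSecret.Unprotect(stored) == "constructed-sample-password");
    }
}
```

A config file protected this way is of no use when copied into a repository or onto another account, which is the case geel9 describes. Any process running as the same Windows user can still call `Unprotect`, so it does not help once that account itself is compromised.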