Shoutbox

Hi,

I'm using a lot the lock of Mp!L, beside the few changes in the 5th version (ctrl+click, same shortcut to lock AND unlock) I've got another problem...

Sometimes, when I loose the connection I think, I found on my desktop a pop Up telling me something like :
"some logs couldn't been saved on line, what do you want to do with them... bla bla bla YES NO"

First : this pop up is a clue about me using msn...
second : if someone click "yes" a window pops, and my history logs are exposed in plain .TXT,  without any password

this is not cool...
actually, all the "plustemp" is a biiig issue IMO.

I'm using MyLockBox for my history log, but... is there a way for MP!L to add this kind of option : hiding ALL the folders related ?

THAT would be VERY COOL !

http://www.fspro.net/my-lockbox/

quote:

---

Originally posted by gregrj
Sometimes, when I loose the connection I think, I found on my desktop a pop Up telling me something like :
"some logs couldn't been saved on line, what do you want to do with them... bla bla bla YES NO"

First : this pop up is a clue about me using msn...

---

This is indeed a bug as that dialog should not be shown when Messenger is locked.
As such I have requested this thread to be moved to the "bug reports" subforum instead.

-------------------------------------------------------------------

quote:

---

Originally posted by gregrj
second : if someone click "yes" a window pops, and my history logs are exposed in plain .TXT,  without any password

---

The reason for that is so you can manually save those logs somewhere (afterall, you clicked "yes" on the question "Do you want to save them?").

Note that the files in the plusTemp directory are temporary files though, they should be deleted automatically when you exit Messenger.

Also, they are not encrypted because you have disabled encryption of chat logs. If you had enabled encryption, then those files would be encrypted (however, note that they would still be uploaded unencrypted since online logging does not support encryption yet).

The temporary files in subdirectories of plusTemp, created after you have selected "yes" on the question "Do you want to save them?", are indeed stored unencrypted. I suspect this is done so you can easily see what log is what. After that you are suppose to copy/move them yourself to your local chat log folder (or wherever you want) and encrypt them yourself.

quote:

---

Originally posted by gregrj
I'm using MyLockBox for my history log, but... is there a way for MP!L to add this kind of option : hiding ALL the folders related ?

---

No... programs like myLockbox work in a completely different way and on a completely different level than Messenger Plus!.

In order to do something like that and still have access to them when the user has the correct credentials, the program responsible for hiding the folders needs to be constantly running. As soon as you exit Messenger, Messenger Plus! will be closed too.

Evenso, it is completely out of the scope of Messenger Plus! to do something like that. Messenger Plus! is an addon for Messenger. It is not suppose to manipulate your hard disk and/or Windows services. Besides, there are specialized programs out there, like myLockbox, which can do this perfectly.

Thank you for your answer (I missed it this time, don't know why)

OK for the bug, already spotted then.

About the plain text : I did set encryption for my history log.
that's why founding some temp files clear as they are is... annoying.

As you say, those files must be unencrypted for Upload, I think this is the problem.

instead of this system popup, at least, there should be something ASKING my password for granted access to clear logs.


For "mylockBox" I understand and it was much for a kind of "fantasy" of mine.. never mind.

quote:

---

Originally posted by gregrj
About the plain text : I did set encryption for my history log.
that's why founding some temp files clear as they are is... annoying.

As you say, those files must be unencrypted for Upload, I think this is the problem.

---

Are you sure you are talking about files in the plusTemp directory, and not about the files in a _subdirectory_ of plusTemp?

Because the problem is not that those files in plusTemp are uploaded unencrypted. Because as said, if you have encryption enabled, the temporary files in plusTemp will be encrypted too and even with a different password than the one you've set. Plus! reads these temporary files and decrypts them internally before uploading them; they are not store unencrypted at any point.
(again note: that is for the ones in the main root of plusTemp; the ones that are to be uploaded. Not the ones which are created as the result of a failed upload in a subdirectory of plusTemp which you are suppose to remove yourself after you've answered "no, dont try to upload again")

As for the popup

quote:

---

Originally posted by gregrj
instead of this system popup, at least, there should be something ASKING my password for granted access to clear logs.

---

If I understand you correctly, than that will not work. It might even be more annoying and making it unnecessarily complex (as in multiple dialog boxes after each other).

What I do agree with is that the current way is not quite a good streamlined solution.
(=when uploading fails, don't try again. And when you exit Messenger a popup appears asking if you want to re-upload the logs or not. And if not, open an Explorer Window and let the user deal with the unencrypted logs)

In fact, personally, I think the whole system of using a temporary directory, and the way logs are copied from your local log dir to that temporary dir needs revision (not to mention the ackward solution of having an empty encrypted log file in your local log dir when you only have online logging enabled).

Personally I would not even use a temporary directory inside the Windows user's temporary folder for all of this. Because that on its own is a 'security risk' because the user's temporary directory can be outside the Windows user's personal documents (which would be inaccesable by another Windows user if a password was set) and can even be the same one for more than one Messenger account. I would use a subdirectoy in the user's local log folder. That would solve both the previous problem (temp folder outside the Windows user account's personal documents), the problem of having multiple Messenger accounts' logs mixed up and yours.

All this said, if you really want everything to be secure I suggest to make a Windows account with a password, make sure your Windows temporary folder is also local to your Windows account and let Windows encrypt your Windows user account's local folders (so that other Windows accounts can't access it).