lock access to entires through GUI while allow http(or any other browser integration) access
10 views
Skip to first unread message
Alexey Popov
Feb 14, 2017, 12:11:13 PM2/14/17
to KeePassXC
Hi,
Is there a way to put keepassXC into some kind semi-locked mode where browsers would still be able to query the database (may be rate-limited), but GUI would only allow to accept or reject operation from browsers (no access to stored information) unless some password is supplied. The goal is to run keepassXC permanently as a password DB for browsers without exposing information through GUI. It is understandable that this is not really secure, but at least it would not be possible to get the data in a couple of clicks.
Regards,
Alexey
Is there a way to put keepassXC into some kind semi-locked mode where browsers would still be able to query the database (may be rate-limited), but GUI would only allow to accept or reject operation from browsers (no access to stored information) unless some password is supplied. The goal is to run keepassXC permanently as a password DB for browsers without exposing information through GUI. It is understandable that this is not really secure, but at least it would not be possible to get the data in a couple of clicks.
Regards,
Alexey
Janek Bevendorff
Feb 14, 2017, 4:19:06 PM2/14/17
to KeePassXC
Alexey,
What you want is not possible, I'm afraid. Locked means locked and unlocked means unlocked. There is not "soft-lock". I'm also not sure if we want something like that because it could confuse users and let them believe their DB has been safely locked, although it's still in memory.
The proper solution would be to trigger the unlock dialog when the browser extension queries a locked database. That is something we may implement in the future.
Alexey Popov
Feb 14, 2017, 5:45:33 PM2/14/17
to KeePassXC
Hi Janek,
I am talking about locking GUI interface. You could call it somewhat different if you like, e.g. "restricted GUI mode" or whatever. Off course, DB would be still unlocked. Also I would say that writing code under assumption that you user is, ehm, mentally challenged might not be a best idea.
Your solution of unlocking database on browser's request would not be useful for me. In fact, one could argue that if this happening often enough it could be more harmful then keeping database open (password strength would be low and simple eavesdropping would be sufficient).
Anyway, thank you for your answer.
Kind regards,
Alexey Popov
I am talking about locking GUI interface. You could call it somewhat different if you like, e.g. "restricted GUI mode" or whatever. Off course, DB would be still unlocked. Also I would say that writing code under assumption that you user is, ehm, mentally challenged might not be a best idea.
Your solution of unlocking database on browser's request would not be useful for me. In fact, one could argue that if this happening often enough it could be more harmful then keeping database open (password strength would be low and simple eavesdropping would be sufficient).
Anyway, thank you for your answer.
Kind regards,
Alexey Popov
Janek Bevendorff
Feb 14, 2017, 6:04:17 PM2/14/17
to KeePassXC
I understood what you meant. I'm also not taking our users for idiots, but understanding the difference between a soft-lock and a lock can be quite challenging for non-technical users. I would prefer not having such a feature.
Better set a reasonable (not too long, but also not too short) timeout on your database and let the browser ask you to unlock it (once it's implemented).
Reply all
Reply to author
Forward
0 new messages