Allow to config "Indicate if 2FA usage is possible" separate from "download tfa.json" #57

Closed
c33s opened this issue Jun 9, 2021 · 2 comments

c33s commented Jun 9, 2021

Summary

the feature "Indicate if 2FA usage is possible" is a cool thing but a password manager which connects to the internet is an absolute no-go for me.

please separate the download function of tfa.json (which produces the error popup) from the "Indicate if 2FA usage is possible" and provide the location where this file has to be.

this would allow to use this feature but keep up high security standards by manually downloading the tfa.json file via browser, cronjob, curl, wget, ...

@c33s c33s added the enhancement New feature or request label Jun 9, 2021
@Rookiestyle Rookiestyle self-assigned this Jun 9, 2021
@Rookiestyle
Owner

After the last change of the download location (see #49, 2factorauth/twofactorauth#5238), this can already be configured in the KeePass config file.
There is no UI for that and I don't plan to add one.

To use a local version of the file, you can add the item KeePassOTP.TFASiteCheckURL to KeePass.config.xml like this

<Configuration>
  <Custom>
    ...
    <Item>
      <Key>KeePassOTP.TFASiteCheckURL</Key>
      <Value>C:\Users\rookie\Documents\tfa.json</Value>
    </Item>
  </Custom>
</Configuration>

Out of curiosity:
What will be the difference in having the plugin download the file or downloading it by other means?
I assume you also disabled the automated update check of KeePass and don't use any other plugin (sync, ...) that connects to the internet?
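
Added example, not from the thread or from KeePassOTP's own code: a Python helper that sets `KeePassOTP.TFASiteCheckURL` in the text of a `KeePass.config.xml`, after checking that the local `tfa.json` it points to parses as JSON. The function names and the sample XML are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from pathlib import Path

KEY = "KeePassOTP.TFASiteCheckURL"  # item name from the maintainer's comment

# Constructed sample; a real KeePass.config.xml has many more elements.
SAMPLE = (
    "<Configuration><Custom><Item><Key>Other.Plugin</Key>"
    "<Value>1</Value></Item></Custom></Configuration>"
)


def set_tfa_source(config_xml: str, tfa_path: str) -> str:
    """Return config_xml with KEY set to tfa_path, adding the item if absent."""
    # Refuse a file that is missing or not JSON, so a failed or truncated
    # out-of-band download is caught before the plugin is pointed at it.
    json.loads(Path(tfa_path).read_text(encoding="utf-8"))
    root = ET.fromstring(config_xml)
    if root.tag != "Configuration":
        raise ValueError("root element is not <Configuration>")
    custom = root.find("Custom")
    if custom is None:
        custom = ET.SubElement(root, "Custom")
    # Update an existing item in place so repeated runs stay idempotent.
    for item in custom.findall("Item"):
        if item.findtext("Key") == KEY:
            break
    else:
        item = ET.SubElement(custom, "Item")
        ET.SubElement(item, "Key").text = KEY
    value = item.find("Value")
    if value is None:
        value = ET.SubElement(item, "Value")
    value.text = tfa_path
    return ET.tostring(root, encoding="unicode")


def tfa_sources(config_xml: str) -> list:
    """List every value configured for KEY (should be exactly one)."""
    items = ET.fromstring(config_xml).iter("Item")
    return [i.findtext("Value") for i in items if i.findtext("Key") == KEY]
```

Work on a copy of the configuration file and compare the result before replacing the original; ElementTree does not preserve the original whitespace or unused namespace declarations.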

@c33s
Author

c33s commented Jun 9, 2021

thank you very much, with the added config value it works like a charm.

> What will be the difference in having the plugin download the file or downloading it by other means?

it's a firewall/security thing. the password manager is blocked by the firewall to access the internet. so it is not that easy for a plugin to leak information to any website.
other programs which have internet access are sandboxed and have no permission to access certain file locations.

> I assume you also disabled the automated update check of KeePass and don't use any other plugin (sync, ...) that connects to the internet?

yes everything disabled. no internet for password manager at all :)
sync is again done by other tools as keepass also has the ability to sync with another local file.
