Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable optional support for all placeholders in any type of form field #30

Closed
luckyrat opened this issue Apr 22, 2018 · 0 comments

Comments

@luckyrat
Copy link
Member

commented Apr 22, 2018

See https://forum.kee.pm/t/kee-and-otp-codes/1037 for background and motivation.

We're (as always) limited by the overlap of Firefox and KeePass API coverage so this is subject to change in case we find some unexpected limitations but this is probably what I'll implement:

  • Add radio button group to the form field add/edit form to "Enable placeholders"

  • Add the following text and link to the form field add/edit form: "It is your responsibility to ensure that the placeholders you use do not reduce the security of your database and accounts. You can learn more about placeholders and the impact of using them at ...some documentation URL....."

  • Create a new database setting to configure the default behaviour of dereferencing. It will default to disabled and the option to enable will be displayed with the following warning on screen: "Changing this setting can increase the risk of information from your database or computer being collected by malicious or compromised websites.

    It is strongly recommended to enable this feature only as a temporary aid for migration between KeePassRPC version 1.7.3 and 1.8.

    You can find more information at ...some forum URL..."

  • Change handling of Username and Password fields so that they no longer recurse through all placeholders automatically. Instead they will look specifically for the string within the username/password field and thereafter be considered identical to other text and password fields in this feature.

  • Call GetPwEntryStringFromDereferencableValue() for all for value strings but only if:

    • the radio button group is enabled for that form field or
    • the radio button group is not disabled and the database default setting indicates that we should do so
  • Replace current SPR calls with the SprCompileFlags overload instead of the deprecated overload currently in use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.