Add (secure) support for browser integration #259

Closed
RlndVt opened this Issue Feb 6, 2017 · 25 comments

RlndVt commented Feb 6, 2017

Implement a method to allow for browser integration.

As I understand it, both RPC and HTTP have security issues that can't be fixed (yet?). I believe that work is being done on creating a substitute for them both, but I felt like this deserved its own issue.

Or does the preference lie in fixing the security issue of RPC/HTTP?

Member

TheZ3ro commented Feb 6, 2017

Someone is creating a substitute for them both?

I think RPC is still better than HTTP (but that autotype is definitely the best)

Member

phoerious commented Feb 6, 2017

I'm happy with either solution. Only someone has to do it. We don't have the resources to develop and maintain two browser plugins. And in the best case, you also want a standard that is compatible with other KeePass products. There is a lot of work attached to such a "simple" thing.

Author

RlndVt commented Feb 6, 2017

I might have misread a comment.

I am also happy with either solution.

I imagine focussing on the standard would be best practice, having the browser plugins part external from the KPXC project. Or does that introduce (security) problems?

ArchangeGabriel commented Feb 6, 2017

Does autotype work under Wayland?

Contributor

rockihack commented Feb 6, 2017

Autotype doesn't work with wayland.
There is no way to get window titles or raise windows.

Member

droidmonkey commented Feb 6, 2017

Perhaps that needs to be a feature in wayland? I am not familiar with that project enough to know if that was specifically excluded.

Contributor

rockihack commented Feb 6, 2017

One goal of wayland is to sandbox applications and windows.
Each wayland compositor needs some form of "rights" management in the long term, but there is none at the moment.

Contributor

rockihack commented Feb 8, 2017

Just as a side note I got a working non-global autotype for wayland, it sends keys through the linux user input system (uinput). However the user needs to configure it and switch windows manually...

Member

phoerious commented Feb 8, 2017

Wayland is really an unsolved problem. But you're welcome to create a pull request, so we can start finding an appropriate solution.

Contributor

rockihack commented Feb 12, 2017

@phoerious I will create a pull request when the implementation is stable.
Do you want to test autotype on wayland?

https://github.com/rockihack/keepassx/tree/wayland-autotype

Member

phoerious commented Feb 12, 2017

I'll try it when I find the time. Thanks.

pfoo commented Mar 28, 2017

I tried both keefox (keepassrpc) and passifox (keepasshttp), I think keefox / keepassRPC is ahead in terms of integration, accessibility and functionality but might be harder to port to keepassxc.

Keefox is providing an additional tab in keepass allowing to easily hide the entry from firefox, set priority override, define how to match a URL and add custom URL.
Keefox addon for firefox is also providing a better and less intrusive support for form filling and entry saving as far as I can tell

Member

phoerious commented Mar 28, 2017

We need a cross-browser solution, though.

kwill commented Mar 29, 2017

Perhaps KeePassXC could instead expose a WebSocket server (example), and serve password data over HTTPS to browser add-ons (implemented as WebSocket clients)?

kwill commented Mar 29, 2017

Just saw Native Messaging suggested as an alternative to an https://localhost / WebSocket solution: #287

Member

droidmonkey commented Mar 29, 2017

Cool idea but yikes, boost is the last dependency I want to add!

kwill commented Mar 30, 2017

@droidmonkey Which one requires Boost (WebSocket or Native Messaging)?

Perhaps browser integration would be a separate package (there only for those that want it).

Member

droidmonkey commented Mar 30, 2017

Websocket server requires boost libraries which are basically like adding another qt

Contributor

seatedscribe commented Mar 30, 2017

soredake commented Mar 30, 2017

@phoerious keefox will be re-written to cross-browser WebExtensions http://keefox.org/news/detail/2017/03/26/changes-to-keefox-in-2017 https://github.com/kee-org/browser-addon, so keepassrpc is a great choice, I think.

Contributor

prometheanfire commented Jun 26, 2017

passifox/keepasshttp don't seem to support deeper url syntax / matching, making it hard to support subdomains or subfolders / realms. Since keefox does support that I think moving in the rpc support direction would be better.

dsonck92 commented Sep 4, 2017

> Websocket server requires boost libraries which are basically like adding another qt

I thought that WebSockets were native inside Qt5 for quite some time now which would simply add a dependency on another Qt module

Author

RlndVt commented Mar 2, 2018

With the release of KeePassXC-Browser I believe this can be closed.

RlndVt closed this Mar 2, 2018

adnion commented Mar 7, 2018

Coming from here https://forum.kee.pm/t/use-with-keepassxc/311 what about Thunderbird?

Member

droidmonkey commented Mar 7, 2018

What about it? If that is something you want supported then create a new issue please.
