Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request : Require Password for Exports #199

Closed
KeithIMyers opened this issue Jan 12, 2017 · 5 comments
Closed

Feature Request : Require Password for Exports #199

KeithIMyers opened this issue Jan 12, 2017 · 5 comments
Labels
enhancement
Projects
Version 2.1
Milestone
V2.1

Comments

@KeithIMyers
Copy link

KeithIMyers commented Jan 12, 2017
edited

Exporting the unencrypted CSV file from Passman could put the user at risk. As such, a warning should be displayed to the user advising that their passwords will be available in Plain Text. They should be forced to confirm this by entering their password prior to an export.

Last one tonight, I promise
@maestroi
Copy link
Collaborator

My suggestion is export a zipfile with a password.
Buy if an attacker already have the rights to export those credentials you are done anyway, this wil not help security.

Disabling exporting is a way better solution to make it save.

@brantje brantje added this to the V2.1 milestone Jan 12, 2017
@brantje
Copy link
Member

brantje commented Jan 13, 2017
edited

Requiring a password before exporting seems a good idea to me.
@maestroi, password protected zip's are as far i know not possible in javascript.
It is however possible to create a normal zip (without password), using JSZip

@animalillo
Copy link
Collaborator

i have created #203 which might solve the problem of exporting with a password protected zip! (Which happens to be a completely unrelated thing to this issue).

I also agree with requiring to enter vault password before export.

@brantje brantje added this to Todo in Version 2.1 Feb 14, 2017
brantje added a commit that referenced this issue Feb 14, 2017
@brantje
Require vault key for export. Fixes #199
29e801b
@brantje
Copy link
Member

brantje commented Feb 14, 2017
edited

Feature is implemented in the V2.1.0 branch, if you want you can test it.

brantje added a commit that referenced this issue Feb 14, 2017
@brantje
Require vault key for export. Fixes #199
d2d6807
@brantje brantje moved this from Todo to Needs review in Version 2.1 Feb 14, 2017
@brantje
Copy link
Member

brantje commented Feb 16, 2017

Fixed in 2.1

@brantje brantje closed this as completed Feb 16, 2017
@brantje brantje moved this from Needs review to Resolved in Version 2.1 Feb 17, 2017
brantje added a commit that referenced this issue Feb 17, 2017
@brantje
Lock vault after 3 wrong attempts (Fixes #197)
6767322 
    Fix share button, fix shared_key not added to storedCredential after sharing (Fixes #249)
    Add password app importer. Fixes #248
    Fix version check via proxy. Fixes #237
    Fix activity app not filtering. Fixes #246
    Add EnPass txt importer. Fixes #159
    Fix for disabled share button
    Require vault key for export. Fixes #199
    Indicate that sharing only works with users that have 1 or more vaults.
    Fixes #242
    Reset tags on logout. Fixes #245
    Ability to enter OTP secret manually. Fixes #198
    Create teampass importer. Fixes #244
passman-bot added a commit that referenced this issue Feb 17, 2017
@passman-bot
Passman 2.1.0
af0d560 
    Lock vault after 3 wrong attempts (Fixes #197)
    Fix share button, fix shared_key not added to storedCredential after sharing (Fixes #249)
    Add password app importer. Fixes #248
    Fix version check via proxy. Fixes #237
    Fix activity app not filtering. Fixes #246
    Add EnPass txt importer. Fixes #159
    Fix for disabled share button
    Require vault key for export. Fixes #199
    Indicate that sharing only works with users that have 1 or more vaults.
    Fixes #242
    Reset tags on logout. Fixes #245
    Ability to enter OTP secret manually. Fixes #198
    Create teampass importer. Fixes #244

Signed-off-by: Passman Bot <info@passman.cc>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
No open projects
Version 2.1
Resolved
Milestone
V2.1
Development

No branches or pull requests
4 participants
@brantje @animalillo @KeithIMyers @maestroi