mysql root user can grant access to any non-personal password to any user #42

Closed
tpharryman opened this issue Feb 14, 2012 · 3 comments

@tpharryman

By adding the user number to the restricted_to column of the teampass_items table, a mysql user with access would be able to grant access to any user to any password not in a personal folder (it doesn't seem to allow the personal item to be seen, regardless of the entry in this column).

Ideally, the only access for passwords would be by the party entering them (or their manager) to grant access, not a system user.

@nilsteampassnet
Owner

Hum, I don't really understand your point.
Of course if someone gets access to a database, then he can do whatever he wants.
Let me in with a MySQL account in a MySQL database of any existing tool and I promise you I can do many changes ;-)

Of course such an account has to be protected and should only be known by an administrator.

It's normal that even when playing with this table on a personal item, you can't see the pw because they are encrypted with a personal salt key.

Perhaps I badly understood your point, can you be more precise?

@syphernl

Doesn't look like you misunderstood him. This is the same as with every (web)application: having/gaining local access to the machine hosting it (or just the database) gives you enough power to grant yourself more rights.

It's your responsibility as a TP Admin/Master user to set up access limits to the server.

@tpharryman
Author

Well, the problem our information security manager has is that the TP Admin may not have the need to know all the shared passwords in the database. Some he may not be supposed to know. He should not be able to grant himself (or anyone else) access to sensitive data just because he has root access to the database, or the god role.

For example, the combination to a safe with $5 million is kept in TeamPass, only accessible to the VP of Finance, the CEO, and his lovely secretary (corporate politics, I guess). The Linux Admin is paid $52K/yr, and sees this as an early retirement in some far-off land (maybe with the secretary). He should not be ABLE to grant himself or anyone else access to it - once it belongs to a certain role, only that role manager (not "god") should be able to grant access.

It is not a matter of trust, it is a matter of access. Best practices means you don't have to trust him to not give away the keys to the kingdom - if he can't do it, the question never comes up.

The way TP is set up, this does not work on personal passwords - even if you grant someone access, they cannot see them, and if they could, the salt key prevents them from decrypting it. We have been cleared to use it for personal (non-shared) passwords only.

Nils, I really like the software, and I think you did a great job here; these are just the restrictions imposed on me by the company. If you see this as a "non-issue", then please close it out.

Thanks.
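The distinction the thread turns on, as an added example that is not TeamPass code and not from any participant: an item guarded only by the `restricted_to` column opens to whoever can edit that column, while an item sealed under a key derived from the owner's secret does not. Everything except the `restricted_to` name is an assumption of this model (the `;`-separated id list, `SERVER_KEY`, `personal_key`, `read_item`, the sample rows), and the cipher is a standard-library stand-in for a real AEAD.

```python
import hashlib, hmac, os

# Toy authenticated cipher from the standard library only; a stand-in for a real AEAD.
def _stream(key, nonce, n):
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise PermissionError("wrong key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

SERVER_KEY = os.urandom(32)  # assumption: one key the application holds for shared items

def personal_key(salt_key, owner_id):
    # Assumption: the personal key comes from a secret only the owner types in.
    return hashlib.pbkdf2_hmac("sha256", salt_key.encode(), b"user:%d" % owner_id, 100_000)

def read_item(item, user_id, salt_key=""):
    if str(user_id) not in item["restricted_to"].split(";"):
        raise PermissionError("not listed in restricted_to")
    key = personal_key(salt_key, item["owner"]) if item["personal"] else SERVER_KEY
    return unseal(key, item["pw"])

def demo():
    # Constructed sample rows; user 9 is the database administrator.
    rows = {
        "shared": {"restricted_to": "1;2", "personal": False, "owner": 1,
                   "pw": seal(SERVER_KEY, b"safe-combination")},
        "personal": {"restricted_to": "1", "personal": True, "owner": 1,
                     "pw": seal(personal_key("owner-salt-key", 1), b"owner-secret")},
    }
    outcome = {}
    for name, row in rows.items():
        row["restricted_to"] += ";9"  # the direct column edit described in the issue
        try:
            outcome[name] = read_item(row, 9, salt_key="admin-guess")
        except PermissionError as exc:
            outcome[name] = "denied: %s" % exc
    return outcome
```

`demo()` returns the shared plaintext for user 9 and a key failure for the personal row, so in this model the column edit only matters where the application, not the owner, holds the decryption key.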
