Results 1 to 3 of 3

Thread: Idea for Zimlet - Password Manager

  1. #1
    Join Date
    Jul 2006
    Location
    Virginia Beach, VA
    Posts
    97
    Rep Power
    9

    Default Idea for Zimlet - Password Manager

    Something like keepass. Could be real simple though.

    Schema:
    * unique id
    * zimbra user id
    * Easy to recognize name for link
    * url to logon page
    * username
    * password
    * username field name (from html page to simulate post)
    * username password field name (from html page to simulate post)

    Might require some IT install work like setup a mysql database to store all the info.

    Behavior:
    1. User right clicks on the zimlet shows list of web sites that have been entered. User
    2. single click or double click open the add new website form.
    EricX

  2. #2
    Join Date
    Nov 2005
    Posts
    477
    Rep Power
    10

    Default

    Quote Originally Posted by Ericx View Post
    Something like keepass. Could be real simple though.

    Schema:
    * unique id
    * zimbra user id
    * Easy to recognize name for link
    * url to logon page
    * username
    * password
    * username field name (from html page to simulate post)
    * username password field name (from html page to simulate post)

    Might require some IT install work like setup a mysql database to store all the info.

    Behavior:
    1. User right clicks on the zimlet shows list of web sites that have been entered. User
    2. single click or double click open the add new website form.

    sounds like a good application for a zimlet. However, there are a lot of things to be careful of here:
    • Need to make sure that the connection is encrypted. Passwords over plain text == bad
    • Check out ajaxian.com. They recently had a article about a javascript encryption library.

  3. #3
    Join Date
    Jul 2006
    Location
    Virginia Beach, VA
    Posts
    97
    Rep Power
    9

    Default Passwords

    Good point. Maybe there should be something that checks to see that the client is using ssl and warns or prevents them when they login.

    But let me ask if the user is logged on via ssl, then when the new window is opened and the post is done wouldn't it be the same risk as if you went to the site and logged on?

    One other security concern I have is the passwords being stored in mysql, but the zimlet can use the logonpassword as a master encryption protection to pull the other passwords out of mysql? Does that make sense - sort of like with keepass you can't see use the other passwords until you enter the master password.

    Also, I think keepass is written in Java - maybe a wrapper with a few hooks could work?
    EricX

Similar Threads

  1. tomcat not running / postfix/postqueue errors
    By seravitae in forum Installation
    Replies: 7
    Last Post: 03-10-2007, 08:18 PM
  2. FC4 Test install getting SU: Incorrect Password
    By bbepristis in forum Installation
    Replies: 16
    Last Post: 08-11-2006, 11:07 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •