keepassvault icon indicating copy to clipboard operation
keepassvault copied to clipboard

Published 20 hours ago verified publisher icon aivanovski

Don't use ProtectInMemory to determine which fields to hide

Open julianfairfax opened this issue 1 year ago • 4 comments

See #208, https://github.com/libkeepass/pykeepass/issues/376, and https://gitlab.gnome.org/World/secrets/-/issues/518. KeePassVault hides all fields with the ProtectInMemory=True flag, added by apps such as GNOME Secrets. This flag shouldn't be used to determine which fields to hide. Only the password field should be hidden. Here is a test file: passwordistest.zip.

julianfairfax avatar Mar 02 '24 12:03 julianfairfax

Here is the difference between these two flags: image

KeePassXC also uses 'ProtectInMemory' to hide sensitive data. So, I think it's right choice.

aivanovski avatar Mar 02 '24 12:03 aivanovski

If you want to discuss my decision, please reopen the issue @julianfairfax I don't think Gnome Secrets is an application we should be pursuing in this area.

aivanovski avatar Mar 02 '24 13:03 aivanovski

Requires further investigation according to the latest comment here https://gitlab.gnome.org/World/secrets/-/issues/518

aivanovski avatar Mar 03 '24 09:03 aivanovski

I'm not sure that I'm able to understand the real reason of this issue with Gnome Secrets. And it is still not clear how to debug it, as KeePassXC modifies database content when creates xml dump. But as all work with KeePass is done with kotpass library, maybe it's creator is able to understand what is going wrong. @Anvell Could you please check it? If you need more background on this issue, please don't hesitate to ask.

aivanovski avatar May 04 '24 18:05 aivanovski

Fixed in pykeepass > 4.0.7

aivanovski avatar May 21 '24 17:05 aivanovski