Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Zimlets
Reload this Page Idea for Zimlet - Password Manager

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-29-2007, 07:55 AM
Loyal Member
  
Posts: 97
Default Idea for Zimlet - Password Manager
Something like keepass. Could be real simple though.

Schema:
* unique id
* zimbra user id
* Easy to recognize name for link
* url to logon page
* username
* password
* username field name (from html page to simulate post)
* username password field name (from html page to simulate post)

Might require some IT install work like setup a mysql database to store all the info.

Behavior:
1. User right clicks on the zimlet shows list of web sites that have been entered. User
2. single click or double click open the add new website form.
__________________
EricX
Reply With Quote
  #2 (permalink)  
Old 01-29-2007, 08:22 AM
Zimlet Guru & Moderator
  
Posts: 467
Default
Quote:
Originally Posted by Ericx View Post
Something like keepass. Could be real simple though.

Schema:
* unique id
* zimbra user id
* Easy to recognize name for link
* url to logon page
* username
* password
* username field name (from html page to simulate post)
* username password field name (from html page to simulate post)

Might require some IT install work like setup a mysql database to store all the info.

Behavior:
1. User right clicks on the zimlet shows list of web sites that have been entered. User
2. single click or double click open the add new website form.

sounds like a good application for a zimlet. However, there are a lot of things to be careful of here:
  • Need to make sure that the connection is encrypted. Passwords over plain text == bad
  • Check out ajaxian.com. They recently had a article about a javascript encryption library.
Reply With Quote
  #3 (permalink)  
Old 01-29-2007, 09:32 AM
Loyal Member
  
Posts: 97
Default Passwords
Good point. Maybe there should be something that checks to see that the client is using ssl and warns or prevents them when they login.

But let me ask if the user is logged on via ssl, then when the new window is opened and the post is done wouldn't it be the same risk as if you went to the site and logged on?

One other security concern I have is the passwords being stored in mysql, but the zimlet can use the logonpassword as a master encryption protection to pull the other passwords out of mysql? Does that make sense - sort of like with keepass you can't see use the other passwords until you enter the master password.

Also, I think keepass is written in Java - maybe a wrapper with a few hooks could work?
__________________
EricX
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.