Open ggbce opened 11 months ago
Hi @ggbce,
Thanks for considering OneKeePass and for your valuable suggestions on security. Certainly I agree with you on this and I will be incorporating the suggested improvements in the coming releases.
Hi @ggbce,
I have added the database and clipboard timeouts. All opened databases that are inactive beyond the timeout period will be 'Locked'. The new version with these changes is released. Please take a look at it.
In the next release I will add locking the database on screen sleeping.
Thanks
Summary
Add Security options on App (not on database)
Motivation
The database security already follows a structure (KDBX4, Argon2d key, AES256 algorithm), but like some other variants of the KeePass solution (for Android, iOS, Windows, Linux, etc.), if this version can be considered a valuable option, it misses some security at the application level. In a context where the goal of an application is to secure information, it's important to keep safe!
What should be added:
Timeout delay before locking database access (inactivity). Give an option to enable (by default ON) with a droplist or field to input the timeout before the application asks for the password again, like: 15 seconds, 30 seconds, 45 seconds, 1 minute, 2 minutes, 5 minutes, 10 minutes, 30 minutes.
Purge clipboard data after data is copied. (Keeping passwords in the clipboard is a huge lack of security; many hackers try to exploit these vulnerabilities.) Give an option to enable (by default ON) with a droplist or field to input the timeout before the application will purge the clipboard, like: 15 seconds, 30 seconds, 45 seconds, 1 minute, 2 minutes, 5 minutes, 10 minutes, 30 minutes.
Lock database access on screen sleeping. In addition to the timeout delay, if the screen goes into sleep mode, the app should ask for the password again to access the database. Give an option to enable (by default ON).
Considered Alternatives
Use another product that offers these options to optimize my security. But I prefer to use OneKeePass because it's available on Android AND iOS.
Anything else?
No response
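A sketch of the three behaviours requested above (inactivity lock, clipboard purge, lock on screen sleep), added here as an illustration and not taken from OneKeePass. The class and method names, the default timeouts, and the dict standing in for the system clipboard are assumptions; the caller supplies a monotonic clock reading.

```python
# Added illustration; all names are hypothetical, not OneKeePass code.
import hashlib

# Timeout choices in seconds, as listed in the request.
TIMEOUT_CHOICES = (15, 30, 45, 60, 120, 300, 600, 1800)


class AppSecurityPolicy:
    """App-level guard: idle lock, lock on screen sleep, clipboard purge."""

    def __init__(self, clipboard, lock_after=60, purge_after=30, lock_on_sleep=True):
        if lock_after not in TIMEOUT_CHOICES or purge_after not in TIMEOUT_CHOICES:
            raise ValueError("timeout must be one of TIMEOUT_CHOICES")
        self.clipboard = clipboard  # dict stand-in for the OS clipboard: {"text": str}
        self.lock_after, self.purge_after = lock_after, purge_after
        self.lock_on_sleep = lock_on_sleep
        self.locked = False
        self.last_activity = 0.0
        self._copied = None  # (sha256 digest, purge deadline) of our last copy

    def touch(self, now):
        """Record user activity; ignored while locked."""
        if not self.locked:
            self.last_activity = now

    def unlock(self, now):
        """Call only after the master password has been verified again."""
        self.locked = False
        self.last_activity = now

    def copy_secret(self, text, now):
        self.touch(now)
        self.clipboard["text"] = text
        # Keep a digest only, so this object does not hold a second plaintext copy.
        self._copied = (hashlib.sha256(text.encode()).digest(), now + self.purge_after)

    def on_screen_sleep(self):
        if self.lock_on_sleep:
            self.locked = True

    def tick(self, now):
        """Call periodically; applies both timeouts."""
        if not self.locked and now - self.last_activity >= self.lock_after:
            self.locked = True
        if self._copied and now >= self._copied[1]:
            current = hashlib.sha256(self.clipboard.get("text", "").encode()).digest()
            # Purge only if the clipboard still holds what we put there,
            # so unrelated data the user copied afterwards is left alone.
            if current == self._copied[0]:
                self.clipboard["text"] = ""
            self._copied = None
```

The clipboard purge keeps running while the app is locked, so a secret copied just before the lock is still cleared at its deadline.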