jnko / SimpleDatabaseBackup

SimpleDatabaseBackup is a KeePass plugin which was created for simpleness. There is no setup, no GUI, no configuration and no dependencies. Just copy the plugin into the KeePass plugin folder and you are done.

Backups when saving an FTP stored file #5

Open fldavem opened 7 years ago

fldavem commented 7 years ago

Would it be possible to either

  1. Create a backup remotely of the file when it's stored on an FTP site, or
  2. Create a local copy of the file where the application is installed (C:\Program Files.....) when saving TO the FTP site?

Just an idea - thanks for considering.

biolauri commented 7 years ago

Just want to add some off-topic notes regarding your concerns mentioned in this commit's comments.

> I use the FTP option cause I’m trying to avoid storing my password file on another semi-public site like dropbox. But perhaps I’m paranoid and the encryption is enough. It’s just, they’re passwords for kinda important things!!

First of all, with a sufficiently strong master password, your database file is secure everywhere.

For the following, I assumed plain FTP, as you didn't use an S around the abbreviation (like SFTP or FTPS) and KeePass doesn't support any secure transfer out of the box. But if you are still concerned about security, you should think about the way you sync your database file. Using the plain FTP option without add-ons is, in my opinion, far more insecure than using any closed source service for syncing (like Dropbox), as these services provide (transfer) encryption (like HTTPS). It's not just that it encrypts the up- and download stream, but it also encrypts your password when you log in, which plain FTP lacks support for. So using a semi-public service is by far better than using a completely public way like plain FTP.

If you want to avoid using plain FTP and services like Dropbox, what about using OwnCloud (or some alternatives) with your own installation, or changing to SFTP with the KeePass IOProtocolExt plugin?

PS: There's nothing bad with being paranoid concerning your password safe. ;-)

Nevertheless, this issue also affects SFTP and other protocols with IOProtocolExt. Changing to hosted sync services (OwnCloud, Dropbox, …) is a pretty nice workaround.

jnko commented 7 years ago

> First of all, with a sufficiently strong master password, your database file is secure everywhere.

@biolauri Besides the fact that you are right, FTP is still one of the simplest and most used methods to transfer files. Anyway, I need to remind you that FTP is not encrypted at all. Neither the transferred data nor the username/passwords...

Personally, I use my own NextCloud to sync and that's OK, but I still agree with @fldavem that at least the KP built-in FTP should work. The .NET WebClient class just supports up- and downloads. No delete, no list or anything else. It is a little bit difficult to get SDB done with just those methods. Fortunately, .NET >= 2.0 supports WebRequestMethods.Ftp, which supports Get, Put, Del, List.

I know the IOProtocolExt plugin, but it would be the first dependency for SDB -> no more 'simple' then. Additionally, IOProtocolExt relies on WinSCP (another dependency) and is a 'Windows only' plugin. This would break cross-platform compatibility and that's a no-go to me.

I guess it would be much better (and even easier) to place the backups in a user's profile folder when using a non-local path (SCP, SFTP, FTPS) and WebRequestMethods.Ftp for FTP. But other ideas are welcome too...

biolauri commented 7 years ago

I totally agree with you, @jnko: Local backups when using a non-local database file is the easiest, hence best solution. I should have pointed out more clearly that my answer is more a hint for a workaround than a solution.

The user's profile folder is good as long as you are using an installed KeePass, but is it OK with portable versions? I don't know if it would be better to place it into a subdirectory of portable KeePass, as I'm neither using FTP nor KeePass portable.

jnko commented 7 years ago

> ... The user's profile folder is good as long as you are using an installed KeePass, but is it OK with portable versions? I don't know if it would be better to place it into a subdirectory of portable KeePass...

The problem is that the KeePass folder, when installed, is normally write-protected. A portable folder may be write-protected too, e.g. when using a USB key with an R/W switch, an SD card, an R/O mounted USB key, etc.

Probably I should do a small test to determine if the DB folder is write-protected or not. If not, the backups should be placed beside the main database; otherwise I would create a new backup folder in the user's profile folder (%USERPROFILE% or $HOME) and inform the user about the backup path.
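
The write test and profile-folder fallback described in the last comment, sketched as an added example that is not part of the thread or of SimpleDatabaseBackup's code. The class name `BackupLocation`, the folder name `KeePassBackups` and the sample inputs are assumptions.

```csharp
using System;
using System.IO;

// Added example; BackupLocation and "KeePassBackups" are hypothetical names.
static class BackupLocation
{
    // Picks the backup directory for a database path or URL. usedFallback is
    // true when the profile folder was chosen, so the caller can tell the user.
    public static string Resolve(string dbPathOrUrl, out bool usedFallback)
    {
        string dbDir = LocalDirectoryOf(dbPathOrUrl);
        usedFallback = dbDir == null || !CanWrite(dbDir);
        if (!usedFallback) return dbDir;
        // %USERPROFILE% on Windows, $HOME on Mono/Linux/macOS.
        string home = Environment.GetEnvironmentVariable("USERPROFILE")
                   ?? Environment.GetEnvironmentVariable("HOME");
        if (string.IsNullOrEmpty(home)) throw new IOException("No writable backup location.");
        string fallback = Path.Combine(home, "KeePassBackups");
        Directory.CreateDirectory(fallback);
        return fallback;
    }

    // Returns null for remote URLs (ftp://, sftp://, https://, ...).
    static string LocalDirectoryOf(string s)
    {
        Uri uri;
        bool isUri = Uri.TryCreate(s, UriKind.Absolute, out uri);
        if (isUri && !uri.IsFile) return null;
        return Path.GetDirectoryName(Path.GetFullPath(isUri ? uri.LocalPath : s));
    }

    // Probes by creating a file: attribute checks miss ACLs, R/W switches and read-only mounts.
    static bool CanWrite(string dir)
    {
        string probe = Path.Combine(dir, Path.GetRandomFileName());
        try { File.Create(probe, 4096, FileOptions.DeleteOnClose).Close(); return true; }
        catch (UnauthorizedAccessException) { return false; }
        catch (IOException) { return false; }
    }

    static void Main()
    {
        foreach (string db in new string[] { "ftp://example.org/db.kdbx", "db.kdbx" }) // constructed inputs
        {
            bool fallback;
            string dir = Resolve(db, out fallback);
            Console.WriteLine("{0} -> {1} (fallback: {2})", db, dir, fallback);
        }
    }
}
```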