Auto Insert ?

[LiloBzH]

Hi Dantelle !

I discovered this new extension since KeeWebHttp no longer works under KeeWeb. Thank you first for this new application!

Is there an auto-fill when there is only one entry?

Thank you

[antelle]

Hi! We now have KeeWeb Connect that can be installed from app settings, Browser section.
What do you mean by "auto-fill when there is only one entry"? It should auto-fill in this case, right. It doesn't work for you?

[LiloBzH]

yep. There is no auto fill

[antelle]

There are different cases. Let's see, what do you see in the UI when do you try to auto-fill, which filters are selected and does it find any match?

[LiloBzH]

you can test here if you want : https://www.netvibes.com/fr#!signin

If i force with Right Click (in username case) Keeweb > Insert Username + Password

=> username / password appear and i can connect

In keeweb, only one entry with this domain

[antelle]

Oh, you mean, you expected the credentials to be auto-filled without a user action, right? So that when you open a website, username/password is already there?
This is not supported in KeeWeb Connect and to get this kind of auto-fill, you can use KeePassXC-Browser extension. Alternatively, a suggested way to quickly insert credentials in KeeWeb Connect is via a shortcut (shortcuts are different per browser, you can find it in extension settings).

[LiloBzH]

ah ok si, this is normal. My previous app auto-fill without action, that's why !

ok ok !

and yes, i I had seen the shortcut :-)

[antelle]

KeePassXC-Browser provides this kind of integration, while KeeWeb Connect is more like auto-type for browser done right, that's why the decision was to support both extensions.

[LiloBzH]

good idea. at least we have a choice! :)

[antelle]

That extension, unlike KeePassHttp, is actively maintained and doesn't have security concerns not being addressed, so it should be ok to use it if you prefer. The integration may be not very smooth (because it's a 3rd-party extension that is designed to work with KeePassXC, not KeeWeb), especially now, please report issues if you choose to use that extension.

[LiloBzH]

no problem. I test KeePassXC extension for this moment

I will be re testing the official extension in a few versions. (i prefer use Your extension with You app ! normal :) )

Currently, some sites are malfunctioning like aliexpress. the password is not displayed in same time of ID. you have to click for the id and after click for the password only

[antelle]

I see why, on AliExpress there's an input without form. Should be possible to fix, thanks!
I'm collecting reports about non-working websites and will release an update with them soon.

[LiloBzH]

well, after some tests, KeePassXC extension is not really good. Multi-password management works with the same window so ... no advantage. Restart chrome : same, window for connection

The only advantage of KeePassXC : it's auto-filling when there is only one password

KeePassHttp miss me ^^

[antelle]

I think multi-password management can be an issue in KeeWeb, we always return the best match to the extension. This can be fixed for the KeePassXC-Browser case.

[antelle]

Apart from multi-password management and auto-submission, is there anything else that is better in KeePassHttp compared to two options existing now? I can look into different options of what we can do, but I'd like to understand what is needed in the first place.

[LiloBzH]

For me, and as you wrote, the real "problems" of the disappearance of KeePassHttp are: 1 / Auto fill when there is only one possibility 2 / In case of multi password, proposal in drop-down menu and not in pop-up 3 / make the link permanent 4 / Management of Auth Window

If these improvements could emerge because clearly, using YOUR app and YOUR extension, it is perfect for interoperability and security (especially for this kind of software). Casually, we are counting on you to protect our passwords :sweat_smile:

EDIT : add 4/

[LiloBzH]

I forget the management of Auth Validation !

(To precise my bad english : Auth Validation is the window of htaccess of apache, Auth of nginx etc ...)

[antelle]

Ok, thank you for sharing, I'll see what other opinions are, but now I can say that:

1. Is a bit bug-prone, because we need to detect login fields on the page, there's no API that would say "this is the login form", but maybe there's some implementation that we can reuse, I need to research it.
2. This is something that can be done, for now this task is left for KeeWeb because it already has the auto-type UI where you can filter entries. In theory, we can fetch multiple items from there and show them in the menu, so that you can select which one to auto-type. The question is how to show it though, also not very clear now.
3. Unfortunately won't happen. We can optimize this process though. Maybe we can offer it as an option, but I don't know. It's like storing your passwords in a text file. Of course not to that extent, but that's easily exploitable.
4. "Auth Validation", you mean something called "basic http auth", right? It will be eventually implemented in our extension too. Created #8 from it.

[LiloBzH]

"basic http auth" yes . that's it ^^

For 3 / the repetitive validation of link can be painful but that's it. It is not a big big "problem" especially if it's security related .

[antelle]

Added #9 and #10 about 1 and 2

[LiloBzH]

if at some point you're looking for beta testers, don't hesitate