Closed palant closed 6 years ago
The bulk of the functionality has been implemented. What's still left now:
This issue can be resolved as fixed at this point. I will open new issues on adding Google Drive as another storage provider and enabling sync in the web client.
Currently, the only way to sync two devices is exporting the passwords metadata to a file, moving that file to the other device and importing it there. This isn't a very convenient way of doing it.
The same thing can be automated using some file sharing service, e.g. Dropbox. Only password metadata will be synced, meaning that no sensitive data gets uploaded and sync only works if master password is identical for both devices. When the user sets up sync they will have to authorize Easy Passwords with their Dropbox account (limited permissions, app-specific folder only). Easy Passwords can then check the data in its Dropbox folder regularly, e.g. once per hour - downloading remote changes and uploading local ones.
Security considerations here:
data:
URIs won't work. So it seems that we need to construct some kind of an invalid HTTP URL, maybehttp://0.0.0.0/
which should definitely not result in an actual HTTP request.Conflict resolution:
x-dropbox-metadata
header can be evaluated in order to find the revision of the data. When the modified version is uploaded,parent_rev
parameter should be specified to ensure that only that revision can be replaced (alsoautorename=false
).Merging changes should work as following:
The only additional data structure needed locally here should be passwords touched since last sync, including passwords that got removed - passwords that were touched win over remote changes, the ones that weren't get remote changes applied. Note: when the sync is set up initially all passwords need to be marked as touched, otherwise they might be removed on sync.