sabrogden / Ditto

Ditto is an extension to the Windows Clipboard. You copy something to the Clipboard and Ditto takes what you copied and stores it in a database to retrieve at a later time.
https://ditto-cp.sourceforge.io/

The Ditto app stores the data in an unsecured SQLite database that is open to anyone that has access to the system. #657

Open Blamarama opened 2 months ago

Blamarama commented 2 months ago

Greetings,

I love Ditto. It's SO MUCH better than the Windows clipboard tool. Unfortunately, I'm going to have to stop using it. Apparently, Ditto stores the data in an unsecured SQLite database that is open to anyone that has access to the system. Our security team has a problem with that.

Is there any change I could make to secure the DB? I am thinking storing it in a folder that has restricted access (to my own and higher-level accounts) but was wondering if any of you have encountered this problem and how you resolved it.
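The restricted-folder idea raised in the question above, sketched in PowerShell as an added example (it is not from this thread or from the Ditto project). The folder path is a placeholder, and the allowed set (current user, SYSTEM, Administrators) is an assumption. It limits other standard accounts on the machine only: the database is still unencrypted and readable by anything running as the same user or as an administrator.

```powershell
# Added example: restrict NTFS access on the folder holding the clipboard database.
# $DbFolder is a placeholder; point it at the folder that contains your Ditto database.
param([string]$DbFolder = 'C:\Path\To\DittoData')

# Principals that keep access (assumed policy): current user, SYSTEM, local Administrators.
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$system  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$admins  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$allowed = @($me, $system, $admins)

# Build a fresh ACL: inheritance from the parent is blocked and inherited
# entries are not copied ($true, $false), so only the rules added below remain.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($sid in $allowed) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'FullControl', $inherit, $none, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $DbFolder -AclObject $acl

# Verify: report any Allow entry on the folder or its contents that names
# a principal outside the allowed set (for example, explicit entries left on a file).
$allowedValues = $allowed | ForEach-Object { $_.Value }
$targets = @($DbFolder) +
    @(Get-ChildItem -LiteralPath $DbFolder -Force -Recurse | ForEach-Object { $_.FullName })

$unexpected = foreach ($path in $targets) {
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and
            $allowedValues -notcontains $r.IdentityReference.Value) {
            [pscustomobject]@{ Path = $path; Sid = $r.IdentityReference.Value; Rights = $r.FileSystemRights }
        }
    }
}

if ($unexpected) {
    Write-Warning 'Entries outside the allowed set are still present:'
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output "Only the allowed principals have access under $DbFolder"
}
```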

sabrogden commented 2 months ago

I've been playing around with encryption, so maybe soon. But if they have access to the system they can run Ditto and see the contents. Do you not have BitLocker on your computer? It should be the same.

Blamarama commented 2 months ago

I do have BitLocker. Now that you mention it, their reasoning is completely bonkers. Anyone who can access my system will have access to all kinds of things infosec wouldn't want them to have, including Windows clipboard history, which is what they want me to use in its stead.

You have helped me quite a bit already, I will get back to them on this. I believe encryption would be what they want, and it would make it more secure, but it seems like they're applying unequal standards here. I can work with them on that. Thanks!!


Jaypers commented 3 weeks ago

Hey @sabrogden, sadly I've had to switch to another clipboard manager due to the lack of encryption. I'm using CopyQ with Gpg4win, which provides GNU Privacy Guard on Windows. I'm wondering if GPG integration is something you might consider for future versions of Ditto?