zeruniverse / Password-Manager

An online KeePass-like tool to manage passwords. Client-side AES encryption!

Logging out in 'history.php' #176

Closed Pofilo closed 7 years ago

Pofilo commented 7 years ago

When we are in history.php, there is no way to disconnect nor to go to password.php again. Plus, the function countdown() of password.php doesn't apply in history.php so we are not automatically disconnected due to inactivity in history.php.

zeruniverse commented 7 years ago

But history.php doesn't contain important stuff. I don't know if this makes sense...


Pofilo commented 7 years ago

It only becomes a security issue if the user forgets to log out and remains on this page.

However, I do agree, it's not a major problem, just wanted to share it to know if we can consider it as something to solve or not.

zeruniverse commented 7 years ago

Ok maybe we can add a script letting history.php close itself automatically.


BenjaminHae commented 7 years ago

Shouldn't the session get invalidated by the server automatically?

This means the history will still be visible, but reopening the manager is impossible. The history could/should be considered confidential though so changing this behavior is something we should think about.

zeruniverse commented 7 years ago

Yes. The session will be invalid. But as long as you don't refresh the history page, it will remain there.


BenjaminHae commented 7 years ago

As I consider the history at least partially confidential we should consider this. To reduce duplicated implementations of such timeouts I would suggest embedding the history into the main window as a modal which displays the history.

This is really easy as history.php is just using ajax to display the information already.
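The two points made so far (server-side session expiry does not clear a page that is already rendered, and the timeout should exist in one shared implementation), sketched as an added example that is not part of this thread or the project's code. `createIdleGuard`, `wipe`, `logout`, the `/logout` URL and the five-minute value are assumptions for illustration.

```javascript
// Added example; createIdleGuard, wipe and logout are hypothetical names.
function createIdleGuard({ timeoutMs, wipe, logout, now = Date.now,
                           setTimer = setTimeout, clearTimer = clearTimeout }) {
  let deadline = now() + timeoutMs;
  let handle = null;
  let expired = false;

  function expire() {
    expired = true;
    wipe();   // drop secrets already rendered; server-side expiry cannot do this
    logout(); // then end the session and leave the page
  }

  // Compare against the clock instead of trusting one long timer, so a
  // throttled background tab or a resumed laptop still expires on time.
  function check() {
    if (expired) return;
    if (handle !== null) clearTimer(handle);
    handle = null;
    const remaining = deadline - now();
    if (remaining <= 0) expire();
    else handle = setTimer(check, remaining);
  }

  // Cheap enough for mousemove: only moves the deadline, never re-arms a timer.
  function activity() {
    if (expired) return false; // input after expiry must not revive the view
    deadline = now() + timeoutMs;
    return true;
  }

  return { start: check, check, activity, isExpired: () => expired };
}

// Browser wiring, identical on every page that shows confidential data.
if (typeof document !== 'undefined') {
  const guard = createIdleGuard({
    timeoutMs: 5 * 60 * 1000, // constructed value
    wipe: () => { document.body.textContent = ''; },
    logout: () => { window.location.replace('/logout'); }, // hypothetical URL
  });
  for (const ev of ['mousemove', 'keydown', 'click', 'touchstart']) {
    document.addEventListener(ev, guard.activity, { passive: true });
  }
  document.addEventListener('visibilitychange', guard.check);
  guard.start();
}
```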

zeruniverse commented 7 years ago

Yes. I'll do it when I have time


BenjaminHae commented 7 years ago

@zeruniverse what do you think about migrating to AngularJS? I've experimented a bit with it and I think there are a lot of things that get really easy and a lot more readable than they are now. If you think that's a viable option you could wait to change this until we do it during the transition.

zeruniverse commented 7 years ago

Never used AngularJS before… Will take a look


BenjaminHae commented 7 years ago

Here's a quick and very rough implementation for the history page. Not fully functional but you can see the important changes.

zeruniverse commented 7 years ago

Thanks!

On Sun, Jul 16, 2017 at 11:11 AM Benjamin Häublein notifications@github.com wrote:

Here's a quick and very rough implementation for the history page https://github.com/BenjaminHae/Password-Manager/tree/angular. Not fully functional but you can see the important changes.
