Referencing a string field does not honor its protection flag
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
#2696 Referencing a string field does not honor its protection flag
With KeePass 2.50 I have some string fields in my database that act similar to passwords (answer to security questions; other side-authentication data; etc.) where I enabled the checkbox "Protect value in process memory" if the data is sensitive.
This data is stored in an extra collection of entries and referenced in a readable (formatted) manner in the notes field of all related entries that are connected to them. But the issue is if a string field with the checkbox "Protect value in process memory" enabled is being referenced instead of showing asterisks like the password field does the notes field and its tooltip show the original value instead which is probably unexpected to an user and might be slightly insecure.
As a workaround I just do not reference all protected values in the notes field but use 8 asterisks instead like the password field shows them - but this also makes things not as structured anymore.
Not a bug, but this might indeed be interesting as an option. Moving to open feature requests.
Thanks and best regards,
Dominik
Ticket moved from /p/keepass/bugs/2129/