SourceForge has been redesigned. Learn more.

Where are credentials for online databases stored?

  • Matthias

    Matthias - 2013-01-18

    Hi, I want to save my KP database to a SSH server, but do not want to enter two passwords when opening that database in KP -- one for the SSH server and one for the KP database itself. Thus I would rather like to store the SSH server's login credentials in KP, so that I only have to provide the DB password.

    However, isn't that a security issue?
    Where are these URL login credentials saved?

    Kind regards

  • Paul

    Paul - 2013-01-18

    You cannot save the server credentials in the database because you can't connect to the server to open the database to obtain the credentials to connect to the server......

    Credentials used in Open URL are saved in KeePass.config.xml. This is not a security issue because the database is still secure, all you are doing is downloading it. You should probably avoid using the same credentials to access other files on your SSH server.

    cheers, Paul

  • Matthias

    Matthias - 2013-01-18

    Yes, sure that the credentials are not saved in the database :)
    I ment that these credentials are saved locally, unencrypted.
    So one with access to the KP config file can access the server via SSH as well ...

  • kippr

    kippr - 2013-01-19

    Are the KDB and KDBX files as strongly encrypted as a TrueCrypt volume? Or should I store my KeePass databases in a TrueCrypt container just to be safe?

    Last edit: kippr 2013-01-19
  • Paul

    Paul - 2013-01-19

    Which is why you only have the database accessible via that login.

    KeePass uses AES 256 bit encryption, effectively uncrackable, but you can use a dictionary attach to guess the password. To protect against that KeePass uses encryption rounds.

    cheers, Paul


Log in to post a comment.