Device concurrency question...

  • Ian

    Ian - 2014-07-02

    I've got multiple devices accessing the same DB through the "cloud" and
    am concerned that since each instance of KeepPass works with a ram
    version of the DB, the DB file can get out of sync if another device
    writes to it.

    A search in the forums talks about using file locks to protect the DB
    from this type of situation (Why does KeePass "not recommend" this in
    the configuration GUI?) however I think that means only one device has
    the ability to write -- an inconvenience if that other devices need to
    save a password update but the first device is not easily accessible to
    save any changes and close out the DB.

    I was wondering if any thought was put into and of these ideas:

    1. Any time there is an attempt to save, client checks a "version"
      variable stored in the DB first and only writes if its in-ram version
      matches, otherwise re-read DB, merge entry changes, and save. Maybe have
      a setting to auto-read DB in specified intervals for changes?

    2. Or keep the current lock system but If lock exists and client
      is not the client that holds the lock, client writes to a separate file
      that the write-enabled KeePass can merge back into the DB upon its
      writing (Maybe with the ability to accept/reject?).

    3. Or keep a "history" of changes, by appends data to the end of
      the DB instead of overwriting existing fields upon saving. Have an
      ability to eventually "compact" DB.

    4. Or ability to use a DBMS instead of a file.

    Of course all of these choices are merely options one can enable or
    disable without removing the current way things are done.


  • wellread1

    wellread1 - 2014-07-02

    Based on your post I suspect you are using KeePass 1.x. KeePass 2.x is the feature rich version and is better suited for cloud or multiple-access situations. A feature comparison is at The two editions are not database file compatible.

    Concerning the issue you raised:

    1. KeePass 2.x has a database file synchronization feature that can be automated with triggers
    2. KeePass 2.x does not use locks. It addresses multi-access issues via synchronization and an entry history
    3. KeePass 2.x has a per entry history.
    4. Due to the nature of the database file protection i.e. encryption of the entire database file upon lock/close, a per-entry commit to the database file is not likely to be implemented. However, it is possible to implement an Auto-Save trigger that regularly and automatically commits changes to the file.

Log in to post a comment.