Just wondering whether it's ok to store my database file on a public webserver? Assuming I have a long password that I have confidence in, am I correct in thinking that there's no need to hide the file?
I think it would be useful to be able to access it from anywhere, I just want to check that I'm not overlooking anything :)
If you have a strong master password, there should be no problem. Notice that I said 'strong', not 'long'. A rule of thumb is that if you can remember your password, then it's not strong. For example, the password 'now is the time for all good men' is long, but probably not strong.
It's often impractical to manage a strong master password, because you must write it down somewhere yet still keep it secret. Protecting your database using a secret key file has some advantages in this regard.
Thanks. I understand the difference between long and strong, my password is derived from the diceware method (http://www.diceware.com/).
The problem with using a key file is that it's difficult to always have it available whenever I need it. That's the kind of portability I'm trying to achieve with putting my database on the web.
Thanks for the reference to diceware; I didn't know about that. It appears to be a well-thought-out way to get a strong password. If your diceware password is sufficiently strong, your database should be safe on a webserver.
If you put your password on a web server, make sure there are no links to it. Then it is less likely to be picked up by people checking the server.
Paul, I assume you meant 'password database', not 'password'!
Log in to post a comment.