I'm not sure if this has been this way always (but I don't think so), but if I search in Keepass (2.6.1 (x64)) via CTRL+F Keepass remembers the search argument even when I lock or close all open databases. If some evil person with access to my PC and Windows session now creates a new database or opens an existing one who he has access to (while mine still is locked/closed) and that person then initiates a search via CTRL+F this person can see my latest search argument - which of course might contain secret information (if I for example searched for a password).
I know that it often is convenient that the search argument is remembered but because of security reasons in my opinion it should be cleared - for example when all open databases are locked or closed.
I haven't been able to find an option where I can disable the 'remember search argument'.
Therefore:
Does such an option to disable this exist ?
And if that option doesn't exist: Am I wrong when I think that this is an 'unfortunate feature' ?
Any chance for that either such an option could be created (if it doesn't already exists of course) or that the current "behavior" could be changed to clear the latest search when for example all open databases are closed or locked ?
Thanks
Best regards
Frank
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've now added code such that the search term in the 'Find' dialog is now cleared when closing a database.
This can be disabled using the UIFlags bit 0x100000 (up to now, this bit applied only to the quick search terms, now it applies also to the search term in the 'Find' dialog).
Hi Dominik
I have tested the "KeePass_260616" version a bit, and as far as I can see it works just fine - i.e. clears the latest search argument when locking the databases or closing one or more open databases.
Thank you for your very quick response and handling of this !!! :-)
Best regards
Frank
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
I'm not sure if this has been this way always (but I don't think so), but if I search in Keepass (2.6.1 (x64)) via CTRL+F Keepass remembers the search argument even when I lock or close all open databases. If some evil person with access to my PC and Windows session now creates a new database or opens an existing one who he has access to (while mine still is locked/closed) and that person then initiates a search via CTRL+F this person can see my latest search argument - which of course might contain secret information (if I for example searched for a password).
I know that it often is convenient that the search argument is remembered but because of security reasons in my opinion it should be cleared - for example when all open databases are locked or closed.
I haven't been able to find an option where I can disable the 'remember search argument'.
Therefore:
Thanks
Best regards
Frank
I've now added code such that the search term in the 'Find' dialog is now cleared when closing a database.
This can be disabled using the
UIFlagsbit 0x100000 (up to now, this bit applied only to the quick search terms, now it applies also to the search term in the 'Find' dialog).Here's the latest development snapshot for testing:
https://keepass.info/filepool/KeePass_260616.zip
Thanks and best regards,
Dominik
Hi Dominik
I have tested the "KeePass_260616" version a bit, and as far as I can see it works just fine - i.e. clears the latest search argument when locking the databases or closing one or more open databases.
Thank you for your very quick response and handling of this !!! :-)
Best regards
Frank