By design, the workspace does not lock after the inactivity timeout if an entry is open for viewing/editing.
It can be argued this is a security flaw, and the design is defended by saying there is no good alternative approach (see http://keepass.info/help/base/faq_tech.html#noautolock).
Let me describe a good alternative: When the database is to be locked and an entry is being edited, check first whether any changes has been made. If not, just close and lock. If changes has been made, save those changes to a new entry in a temporary group (Recycle Bin or a dedicated temporary group). Remember the ID's of the edited entry along with the temporarily saved entry in memory together with the view parameters. When the database is unlocked, the edit dialog can be reopened with the changes made before locking. I can see only upsides with this approach:
Maybe this behaviour should only be activated if the option "Automatically save database when KeePass closes or the workspace is locked" is enabled. If it is not enabled, maybe the changes can be encrypted and stored in memory instead.
Although this might be considered a feature request, I posted it as a bug because it's a security concern for some.
Log in to post a comment.