how safe is it to keep PWS minimized to tray between uses (as compared to shut down after use)?
The question aims at both database integrity (I am using a notebook and yes, that does mean it might go into standby or hibernation spontaneously when power is low, and yes, it sometimes fails to recover from those states), and intrusion security. I understand using the option "save db immediately" should make it relatively crash-proof? If so, on to the next field: Assuming someone does obtain control over my pc, will it be any easier for him to break into a merely minimized instance of PWS?
Keep up the good work - you knew that already...
When writing to its database, in order to minimize the risk of corruption, Password Safe should ideally:
When opening a database, it should check for database and database.new
If both exist, check database.new for corruption, notify user, and ask to replace database if database.new isn't corrupt, otherwise load database
If only database.new exists, check it for corruption, notify user, and ask to use it if
not corrupt, otherwise check for database.backup, and use it if it exists
If only database.backup exists, notify user, and use it
Regarding database integrity, there's really no problem. Since, relatively speaking, the password database isn't very large, it's loaded into memory once, and not written to unless you explicitly save it, or upon an edit or add with the "save immediately" option enabled. In other words, turning off the PC with the application open (but idle) will NOT corrupt the database.
In terms of security, if the database is "locked" (either after a timeout, upon minimize, or upon workstation lock), then the user mus enter the passphrase to acess the data. What happens internally is as follows: "Locking" the database clears it from memory, and unlocking it causes it to be read from the database anew. So if you're database is locked, you're fine in terms of security. If PasswordSafe is just minimized, but NOT locked, then you're wide open, though.
Hope this helps,
Log in to post a comment.