SourceForge has been redesigned. Learn more.
Close

Minimize to tray - How safe's that?

diogenes_3
2006-02-24
2012-09-17
  • diogenes_3

    diogenes_3 - 2006-02-24

    Hi,

    how safe is it to keep PWS minimized to tray between uses (as compared to shut down after use)?

    The question aims at both database integrity (I am using a notebook and yes, that does mean it might go into standby or hibernation spontaneously when power is low, and yes, it sometimes fails to recover from those states), and intrusion security. I understand using the option "save db immediately" should make it relatively crash-proof? If so, on to the next field: Assuming someone does obtain control over my pc, will it be any easier for him to break into a merely minimized instance of PWS?

    Keep up the good work - you knew that already...

    Thomas

     
    • John Navas

      John Navas - 2006-03-31

      When writing to its database, in order to minimize the risk of corruption, Password Safe should ideally:

      1. Save what's in memory to (say) database.new
      2. Delete (say) database.backup if it exists
      3. Rename database to database.backup
      4. Rename database.new to database

      When opening a database, it should check for database and database.new

      If both exist, check database.new for corruption, notify user, and ask to replace database if database.new isn't corrupt, otherwise load database

      If only database.new exists, check it for corruption, notify user, and ask to use it if
      not corrupt, otherwise check for database.backup, and use it if it exists

      If only database.backup exists, notify user, and use it

       
    • Rony Shapiro

      Rony Shapiro - 2006-02-25

      Hi Thomas,

      Regarding database integrity, there's really no problem. Since, relatively speaking, the password database isn't very large, it's loaded into memory once, and not written to unless you explicitly save it, or upon an edit or add with the "save immediately" option enabled. In other words, turning off the PC with the application open (but idle) will NOT corrupt the database.

      In terms of security, if the database is "locked" (either after a timeout, upon minimize, or upon workstation lock), then the user mus enter the passphrase to acess the data. What happens internally is as follows: "Locking" the database clears it from memory, and unlocking it causes it to be read from the database anew. So if you're database is locked, you're fine in terms of security. If PasswordSafe is just minimized, but NOT locked, then you're wide open, though.

      Hope this helps,

      Rony

       

Log in to post a comment.