[Passwordsafe-devel] File Attachment Feature in V3 Format

[Mark M. <mar...@gm...>]

Hi,

I've just been chatting with Rony over email about adding a feature to the
V3 format to allow people to store files (e.g. images, etc) as part of a
record. He suggested it was best to mail this list with the idea, and see
what your thoughts are here.

I maintain the Strongbox iOS and Mac app (https://strongboxsafe.com), which
are Password Safe clients. I get frequent feature requests from people to
allow them to add images or attachments to their safes. This is a feature
I'd like myself for my own safes too, I'm sure some of you feel the same.

Rony had some concerns about performance, which I think are worth
discussing. Also, I know that as part of V4 there is some expected support
for file attachments. I think however that getting this feature in V3 would
be a big win for all password safe users, and I think it could be done in a
way that would satisfy a lot of users.

As regards the performance given large file sizes, I think that clients
could help protect against this by imposing a file size limit (perhaps
5-10MB), and explaining the consequences of adding many large files to the
users. I've tested very large databases on iOS devices, and had pretty good
results, but of course your mileage will vary, given the device and client
implementations.

Rony mentioned that it might be worth trying to back port the V4 work that
had been done on this feature, into V3. I haven't had a chance to take a
look at the feasibility of this just yet, it seems like a full
service/Rolls Royce solution that would deal with the performance issues of
large databases very well.

Separately, I had my own idea of how to do this, that while not as robust
and performant as Rony's model, would require very little design changes,
and I think could be a fairly straightforward implementation for other
clients/platforms.

The idea is simply to create a new Record Field Type and some kind of
(pseudo code) data structure like so:

typedef struct _FileAttachment {

    char fileNameLength[4];   // 4 hexadecimal digit file name length (in
TCHAR) - Password History Style Length

    char mimeTypeLength[4];   // 4 hexadecimal digit mime type length (in
TCHAR) - Password History Style Length

    char filename[...];       // The file name

    char mimeType[...];       // a mime type such as 'image/jpeg' - to aid
with opening / encoding / display etc

    unsigned char data[];     // The actual data of the file filled out to
the end of the field

} FileAttachment;


I hope that makes sense. Would love to hear your thoughts. I think this
could be a great feature for the Password Safe format.

Thanks and all the best,
-Mark