soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Server side :

Browse Source 
* Trim password and login before instertion
	* Can use empty master key to see user passwords
	* Fix a bug : can't decode multiple queries from client

Client side :
	* Don't send empty username
	* Update README
This commit is contained in:
Gregory Soutade
2013-10-17 18:26:54 +02:00
parent 4fd1f1e92f
commit 67d21ff3ef
5 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
firefox_addon/README.md
View File

@@ -20,7 +20,7 @@ Usage
-----
The first thing to do is to populate your database (from your/a password server) with login/password/master key values. If you want to make strong password, there is a password generator. After that, configure your addon in "tools -> addons -> gPass -> preferences" to point to your password server (+ username).
The first thing to do is to populate your database (from your/a password server) with login/password/master key values. If you want to make strong password, there is a password generator. After that, configure your addon in "tools -> addons -> gPass -> preferences" to point to your password server (+ username). Be careful, login and password are case sensitive.
When you're in a login form and you want to use gPass, type your login and fill "@@masterkey" in password field. Then submit and password will automatically be replaced by the one in the database (after addon decrypt it).
@@ -40,7 +40,7 @@ For now the only addons made is for firefox. Server side is written in PHP (with
Server
------
To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in ressources.
To host a password server, you need a webserver. Just copy server files in a directory read/write for web server user (www-data). A sample apache2 configuration file is available in ressources. For enhanced security, it's better to put the password server under https.
You can activate/deactivate view of ciphered passwords by setting $VIEW_CIPHERED_PASSWORDS in index.php.
You can activate/deactivate user creation by setting $ADMIN_MODE in index.php.

4
firefox_addon/lib/main.js
View File

@@ -68,13 +68,13 @@ function on_sumbit()
debug("salt " + salt);
// Get all <input type="text">
// Get all <input type="text"> && <input type="email">
for (i=0; i<fields.length; i++)
{
var field = fields[i];
if (field.getAttribute("type") == "text" || field.getAttribute("type") == "email")
{
if (field.hasAttribute("name"))
if (field.hasAttribute("name") && field.value != "")
my_map.put(field.getAttribute("name"), field.value);
}
}