I am looking for a good web-based security store solution to keep passwords and other important information with the following criteria:
- Open Source
- Java Based
- Deployable to my own application server
My very first thought was to leverage an excellent desktop utility I use called KeePass. Well, it looks like somebody else also thought of that:
http://ossfree.net/webkeepass/
I am just beginning this.
1 Comment
Shawn Heeley
Wanted to add my thoughts on this wrt what we discussed. To me, an interesting flow would be something along the lines of:
1. User registers via a website and enters a series of name / value pairs
2. Website generates a unique key for the user that is used to encrypt their passwords
3. User then sends either an email or sms message to the server requesting the password of a specific system (either encrypted sms or possibly s/mime encrypted/signed email)
4. Server returns the password for a given server
My personal preference is to go for the encrypted sms option. It's simpler and more efficient when you are sitting in a server room with your cell phone. The bad part is that you either need a client on the phone to handle the sms encryption/decryption or you do it manually.
The advantage of the s/mime email approach is that this is more of a supported environment which wouldn't require custom clients. A user could simply encrypt an email for the server and send it to the server using a standard email client.
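The storage side of the flow in the comment above (steps 1, 2 and 4), as an added Java example that is not part of the original post or comment: each user gets their own AES-256 key at registration, and every name/value pair is encrypted with AES-GCM bound to its system name. The class and method names are hypothetical, keys are held in an in-memory map for brevity, and authenticating the incoming SMS or S/MIME request (step 3) is assumed to happen before `lookup` is called.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Added illustration; PasswordVault, register and lookup are hypothetical names.
public class PasswordVault {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, SecretKey> userKeys = new HashMap<>(); // step 2: one key per user
    private final Map<String, byte[]> entries = new HashMap<>();     // "user/system" -> IV || ciphertext

    // Steps 1-2: register a user, generate their key, encrypt each name/value pair.
    public void register(String user, Map<String, String> pairs) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, rng);
        SecretKey key = kg.generateKey();
        userKeys.put(user, key);
        for (Map.Entry<String, String> e : pairs.entrySet()) {
            byte[] iv = new byte[IV_LEN];
            rng.nextBytes(iv); // fresh IV per entry; never reuse an IV with the same key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            c.updateAAD(e.getKey().getBytes(StandardCharsets.UTF_8)); // bind ciphertext to its system name
            byte[] ct = c.doFinal(e.getValue().getBytes(StandardCharsets.UTF_8));
            byte[] blob = Arrays.copyOf(iv, IV_LEN + ct.length);
            System.arraycopy(ct, 0, blob, IV_LEN, ct.length);
            entries.put(user + "/" + e.getKey(), blob);
        }
    }

    // Step 4: return one system's password for an already authenticated user.
    public String lookup(String user, String system) throws Exception {
        byte[] blob = entries.get(user + "/" + system);
        SecretKey key = userKeys.get(user);
        if (blob == null || key == null) throw new IllegalArgumentException("unknown user or system");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        c.updateAAD(system.getBytes(StandardCharsets.UTF_8)); // a swapped entry fails the tag check
        return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        PasswordVault v = new PasswordVault();
        v.register("alice", Map.of("db01", "constructed-sample-pw")); // constructed sample data
        System.out.println(v.lookup("alice", "db01"));
    }
}
```

In a deployed application server the per-user keys would not sit next to the ciphertext; wrapping them with a key held in a Java keystore or HSM is the usual arrangement.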