Jump to content

Fabian Näf

Members
  • Content count

    112
  • Joined

  • Last visited

  • Days Won

    4

Fabian Näf last won the day on February 14

Fabian Näf had the most liked content!

About Fabian Näf

  • Rank
    Senior Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Fabian Näf

    Scheduled backup zip is empty

    Hi All I'm experiencing the same issue. The ZIP file is not extractable or even browsable with the windows explorer. When I open the ZIP file with the tool IZArc, it looks like below (two empty folders are in the path). With IZArc I'm able to extract the ZIP file, but then the folder and file stucture is completely messed up. When I use the Powershell command Expand-Archive (as mentioned above), I can successfully extract all the files with the correct folder structure. Best regards, Fabian
  2. Fabian Näf

    Single password / password list recovery

    Hi pferree Every Paaswordlist has its own recyle bin. You find the recycle bin under "List Administrator Actions..." This option should be available on any Passwortlist in the dropdown menu on the bottom right side. Best regards, Fabian
  3. Fabian Näf

    Importing from KeePass into Passwordstate

    Hi Ricardo, Yes, "SystemWideAPIKEY" is the one of the "Anonymous API". Which Script are you using? Do you get any error? Does something appear in the Administration menu under Passwordlists? Best regards, Fabian
  4. Fabian Näf

    API error - Searchpasswords failes

    Hi Michael I guess the issue is, that you added a PasswordID to your search. Try to remove the ID in your URL ("100") and try again. Best regards, Fabian
  5. Fabian Näf

    Automatical clearing of the notifications area

    Hi Thanks a lot for all your effort! Our permission concept is like that all employees of a department are Password List Admins, and are abe to manage all the list by them self. Sometimes it's needed that someone from another department need some access to any Password List. Then they use the "Request Access" feature. Best regards, Fabian
  6. Fabian Näf

    Importing from KeePass into Passwordstate

    Hi Rob When you login with your system administrator and go to the administration menu under "Password Folders" and "Password Lists". Can you see the designated folder/password lists? From there you could try to delete these folders/password lists and try to reimport them... But probably there's something more behind and it would help for the support if you could wait deleting the folders/lists. I would guess, that you will get an answer from support in about 4h (then it's morning in australia). Clickstudios support is very accurate and reliable! Best regards, Fabian
  7. Hi All I'd like to raise a feature request for an automated clearing of the notification area. It would make sense to automatically remove notifications if they are not accurate anymore e.g. for the following scenarios: If an update ran, the notification about the new build (which is already installed in the meantime) could automatically be removed. If an Access Request to a Password/Passwordlist has been fulfilled, the notification could be removed automatically. We often have the scenario that an user requests access to a Password/Passwordlists, which then goes to houndreds of users. After this has been granted/rejected, all other users need to clear their notification or click on it and realize then, that it doesn't exist anymore. If anyone sees further options, where this would make sense, let us know... Best regards, Fabian
  8. Fabian Näf

    Restrict REST Win-API access

    Hi Support Thank you for your answer and explanation! Currently we would give our users the ability to import their credentials by using the PasswordSafe and KeePass importer scripts. That's why we didn't restrict access to users so far. When I again think about all this, I get to the basic point that the REST WinAPI is not intended to be used by all users, only by some certain managed service account. So I guess we need to restrict our WinAPI access and only open it for users on request to import their data. Best regards, Fabian
  9. Hi All Our company just went live with Passwordstate a week a go. We migrated loads of credentials and a big tree structur from our previous password manager solution to Passwordstate. After we went live, we realized, that we forgot to migrate some certain fields from the old password manager solution from the tree (which should be migrated to folder and passwordliste in Passwordstate). Currently Passwordstate has no REST method to modify (or delete) folders or passwordlists. So the only option which left was to inject the missing date directly into the database, which is kind of ugly, even though it went well. Therefore I'd like to raise this feature request for modify and delete REST methods for the win and anonymous REST API. Best regards, Fabian
  10. Fabian Näf

    Restrict REST Win-API access

    Hi There I would like to start a dicussion about how to make the Win-API more secure. You can use very secure login procedures using two-factor and so on and make Passwordstate very secure. But if the Win-API is enabled, every user can access passwords by using this REST-API without the secure two-factor authentication. Of course, it needs more knowledge to get passwords from the Win-API, but this will not defend any potentialy attackers to get passwords out of Passwordstate by using the API. And I'm also aware of, that we can restrict the APIs to some certain IP ranges, but in the end it's stays the same. The users (or potential attackers) can retrieve passwords without going through the two-factor authentication process. Currently I'm not sure, which is the best way to avoid this vulnerability, but I've some point which could help here and I would like to start a discussion about this: Restrict the REST methods (e.g. only allow POST [create new items]), for us this would help a lot, because we only use the WinAPI to import things. Make it work like the browser extension: Win-API is only available for a particular user from a particular device (IP?) for a certain timeperiod, after he had successfully authenticated through the usual login procedure (two-factor for instance) on the Passwordstate webinterface. Any other ideas? Best regards, Fabian
  11. Thank's a lot for your effort, it's highly appreciated! Best regards, Fabian
  12. Hi Support Thank's for you fast answer and explanation. I completely understand your point. With the Load On Demand feature it's completely different. But wouldn't it possible to dynamically expand the path in the three here as well automatically? ...just by following the path, where the folder/passwordlist is stored ond open every folder programatically and let it load async. Currently it's a petty, because we wannted to us the links to folders and passwordlists, but specially the links to folders are kind of useless like it is now. Best regards, Fabian
  13. Hi There Now, we were finally able to go live with Passwordstate. Thank's a lot for all your support so far! It's highly appreciated! We just experienced the following issue: Because we have loads of folders and passwordlists we need to use the "Load On-Demand" feature, which only loads the folders, when a the user expands it. Now, when we have a direct link to a folder, or we click on the "Tree Path" field in a search result, the selected folder/passwordlist is getting opened on the right side. But unfortunately the folder is not getting expanded and displayed on the left side. Best regards, Fabian
  14. Fabian Näf

    Inplace Upgrade not working

    Dear All, I just updated from 8325 to 8334 without any issue. Thanks a lot! Best regards, Fabian
  15. Fabian Näf

    Inplace Upgrade not working

    Dear all, I'm not sure if the added code was already there, but I just updated from the second newest version to release 8325. During that upgrade I had the issue again and I had to manually download the update. Best regards, Fabian
×