Passwordstate Self Destruct Message


PBA

On 3/19/2021 at 2:46 AM, support said:

Hi Guys,

We appreciate the feedback. The Pen Testing company do not believe this architecture is insecure, but if there is enough interest, we can consider other options.

So we can take this feedback to management, can you please outline why you believe this is a security regression? Is your concern you may have an elevated administrative breach on your web server where this is being hosted?

Regards

Click Studios

Certainly that's the main problem. The instance that we use in our data center has very strict network policies for inbound and outbound directions.
Only a handful of servers with similar security precautions have access to the server at all (e.g. Ansible Tower) and definitely not a normal webserver, because they would build a bridge between the Internet and Passwordstate, similar to what the new App Server would do.

Of course you can say that is a safe bridge with strong gatekeepers on both sides (firewall, crypto and so on), but at the end, it's a bridge that didn't exist before.
And I only have the approval for a security concept without such a way of communication.

  • 3 weeks later...

Hello everyone,

Just letting you know we've just released build 9112, and have added back the Push/Pull version of the Self Destruct Message feature. This is an option, and you need to select this option on the Self Destruct tab on the System Settings screen in the Administration area.

Regards

Click Studios

Archived

This topic is now archived and is closed to further replies.
