Jump to content
Fabian Näf

Need To Enter The Encryption-Key After Restart

Recommended Posts

Hi 

 

Our old solution worked like this: After every restart of the server, we had to enter a encryption-key to unlock the solution.

 

Would it be possible to add an option, that an encryption-key (the two which are stored in web.config) has to be entered after every restart of the Passwordsafe-Service?

 

I think this would increase the security of your solution again a bit more. I'm sure, that not every company would like this behavior, so it should be a configurable option.

 

Just an idea for further releases (after Version 8 has been finished :), no hurry)...

 

Best regards,

 

Fabian

Share this post


Link to post
Share on other sites

Hi Fabian,

 

Thanks for your request, and we agree that if we were to implement such a feature, it would need to be an option - as the majority of customers would not want this inconvenience. We would also need to consider what we do for the API, Windows Service, Mobile Client, Browser Extensions, Self Destruct Messages, etc on boot of the server i.e. are these allowed to perform normal processing, regardless of you entering these encryption keys upon boot.

 

Maybe in the short-term another option would be to use one of our two-factor authentication option for all users.

Regards
Click Studios

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×