Planning for a new web-based password management system
This is just a brain-storming session to get ideas down:
– Category system. (ie. web hosts, online banking, forums…)
– encrypt all info in database, except ID
– when viewing data, only show password when cursor is passed over the line.
Two tables: One is a table of categories and another table is a password table.
Category table:
ID, category name, category desc
Password table;
ID, host, login, password, comments
For the data encyption in the database, hardcode in the PHP code a passkey that is used to encode and decode the data.
Ok That is a bad idea. The data is sent in plain text between the browser and the server php code, so anyone listening can grab the text easily…
Going to do the encryption/decryption in javascript, on the browser, so all the data sent back to server, and then to browser is encrypted.
This is trickier to do (for my skill level) but will try it out.
On third thought, I will stick with the first option. Much easier to implement. As long as one can establish a SSL connection to the site, encryption is not a problem.
In the interest of getting the project started, I will take the easy way out, and maybe in a later version implement the more secure method of encrypting/decrypting the data in the browser.
This needs a name too… WPM (Web Password Manager)??