Allow conecting from a non local address about keepasshttp HOT 12 OPEN

For security, I initially chose not to allow remote connections to keepasshttp. It will be a feature I need to consider adding in the future.

----- Original Message -----
From: "psychowood" [email protected]
To: "Perry" [email protected]
Sent: Friday, November 4, 2011 4:58:54 PM
Subject: [keepasshttp] Allow conecting from a non local address (#30)

Hi,
I'm trying to use a KeePassHttp server in my local network, but I can't connect to it because the server only accepts connections from localhost (I'm receiving "400:host do not allowed" when trying to connect from another host - editing the PassIFox xpi file).

Is there a way to overcome this limitation?

Thanks

Reply to this email directly or view it on GitHub:
#30

from keepasshttp.

Are there more interested people for this feature?
It could be an opt-in feature to allow connections from other hosts. Except the pairing one, this should be done from localhost or manually.

It would be also easy to let the user change the connection part in the extension (I'm speaking for chromeIPass).

from keepasshttp.

I've heard of people using ssh port forwarding to accomplish this.... a single database with keepasshttp running, and different machines can connect to it over a ssh port forward. I would recommend this if possible for security reasons. Not that this feature shouldn't be implemented, but it should be done very carefully if it is.

from keepasshttp.

I'm interested in this feature as well.
Has anyone explored reverse proxying via something like nginx?

from keepasshttp.

It seems that you can now configure the browsers to connect to a remote host, however instead of getting a message of 'host do not allowed' as described above I get an error of 'Bad Request (Invalid host)' when using anything other than localhost.

Is there something that needs to be changed to allow another hostname rather than just localhost?

from keepasshttp.

That feature would be great, as it may connect to KeePass from vmware guest

from keepasshttp.

I see no point on this, why don't simply share your database on any cloud service (I keep it on Dropbox), or just make read-only copies wherever you need? I think it's going to be a security weakness

from keepasshttp.

It is not going to be security issue if we limit allowed hosts/ips

from keepasshttp.

Ip based security is no security at all, don't want to initiate a discussion here though. For your particular scenario @nick4fake is far simpler to share the folder (locally or remotely) where the .db file lives and setup everything locally on your Vmware guest. Cheers

from keepasshttp.

no, you do not understand. If I share folder, I should unlock the base twice.

As for me, I already recompiled and fixed the plugin. I was talking about another people who may have same problems.

from keepasshttp.

What if I make pull-request with my changes? I created an option to specify additional host.

from keepasshttp.

Clean patches are gladly accepted

Sent from my phone
On Apr 9, 2014 9:50 AM, "Bogdan Yurov" [email protected] wrote:

What if I make pull-request with my changes? I created an option to
specify additional host.

Reply to this email directly or view it on GitHubhttps://github.com//issues/30#issuecomment-39987745
.

from keepasshttp.