Administrative FAQFrequently Asked Questions about the project, licensing, ...
- How can I help you? (Supporting the KeePass project)
- May KeePass be used in a company?
- What about a centralized KeePass Internet server?
How can I help you?
If you like KeePass and would like to help the developers in some way:
This is the best way of helping, if you don't have that much time or experience in application development.
- Make a translation
If you have some free time, you could make a translation of KeePass (of course only if you're language isn't offered already).
- Test new releases and report bugs
KeePass is under constant development, new features get implemented, bugs get fixed. If you have some free time, you could test new releases thoroughly and report bugs. If you're a programmer, look through the sources to find bugs and maybe even submit fixes.
- Spread the word
If you like KeePass, tell all your friends how great KeePass is, publish articles about it, press it on CDs/DVDs, ship USB sticks preinstalled with it, submit it to software archives, talk in forums about it, etc.!
May KeePass be used in a company?
Yes. KeePass is free software and you don't have to pay any fees. You may freely use KeePass under the terms of its license.
But of course, if you like KeePass, donations are always greatly appreciated.You might be interested in this page: Customizing KeePass 1.x.
What about a centralized KeePass Internet server?
The idea on the first glance sounds simple and useful: there should be a centralized KeePass Internet server, on which all users can store their passwords. By having Internet connection, you'd have access to all your passwords.
Note that this idea is different from simply providing webspace. KeePass 2.x already supports storing databases on servers using HTTP/FTP. The point is having one server for all users.
When creating such a server, there are several difficulties:
- A fairly complex synchronization and caching mechanism will be required.
You won't want to transfer the complete database, otherwise the service will be unusable
for everyone storing attachments, etc.
- Directly related to the previous point: in order to do synchronization, the server needs
to be able to read and understand databases, i.e. some dedicated KeePass server
would need to be written. While the transport way could be secure HTTPS, the server
certainly has some user data as plain text in memory for some time. One needs
to be very careful here. What to do if the server gets compromised? The security
implications would be horrible, if an attacker could read any user data.
- How to avoid server compromises? If a normal Internet server is compromised,
the security implications are minimal: in the worst case all user accounts and data for this
website are lost. But with KeePass server, whole identities would be lost. An attacker
couldn't only impersonate someone on this particular server, but on the complete Internet
and real world, depending on what is stored in the databases.
Therefore, banking-level security systems would be required for a KeePass server. Keeping PHP / ASP / Linux / Windows (or whatever will be used) up-to-date definitely is not enough here.
- Basically you offer people webspace for their databases, therefore the service obviously will cost something. By charging people, they expect reliability and you need to make up-time guarantees. Therefore, at least 2 servers are required (by different hosters), which need to be synchronized.
Summary: a centralized Internet server currently is out of range. If someone wants to start a company providing such a service, feel free to use KeePass as base application (of course respect the Open Source terms).
But what can and probably will be done later is a local intranet KeePass server (for companies for example). Employees could log in to the company's password server and use it. But a centralized Internet server -- no chance.