Online Password Manager

I want to make an online password manager for my own use. The risk I am taking it because it is not possible for me to take a laptop with internet everywhere. With over hundreds of website I've subscribed into, it is becoming messy for me to live with so many usernames and passwords.

What would be the right approach?

(1) Which language/framework to use? Ruby or PHP.
(2) Which Open-Source crypto library and pseudo-random generator?
(3) What other security considerations?
(4) Is PostgreSQL the right-choice?

I want to release it as an open-source.
LVL 8
rpkhareAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wesgarrisonCommented:
I'm lazy, but there's already password managers out there.

http://keepass.info/ 

source for more:
http://lifehacker.com/5042616/five-best-password-managers
0
Andrew DoadesIT TechnicianCommented:
ruby and ruby on rails is probably the easiest choice.

It'll handle the encryption and security like a dream.. as for the database engine, I think its up to you!

The database/database server is only as secure as you make it, you can ip lock the server and db access etc.

Andrew
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
titanianCommented:
If you want an "Online" password manager, then LastPass is a great choice.

Not only they have an excellent track record and are recommended by Mozilla but they also, give superb secondary security options like using a Yubikey or a USB drive as a secondary verification device along with your password to sign in.

So even if your Master password is compromised, the hacker cant login to your password database without getting their hands on your yubi key or USB drive, which almost makes it foolproof and secure!

Would like to hear your thoughts on this! Good Luck!
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

rpkhareAuthor Commented:
One such application, Clipperz, is lacking funds to grow. How healthy is the financial status of LastPass?<input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden">
0
cminearCommented:
In addition to Clipperz (which you mentioned), I found the following open-source web based password managers:
 - pasonda: http://pasonda.sourceforge.net/
     
It is written in PHP, and released under a BSD license.  However, it's last release was in 2002, so it is clearly not under active development.

 - w3pw: http://w3pw.sourceforge.net/

Also written in PHP, it is released under the GPL.  It's most recent release was just last August, so it's development is more active.

 - Web KeePass: http://ossfree.net/webkeepass/

This is a web-based version of the Windows version recommended above.  It is written in Java, and the installer uses (or assumes, not sure which) Tomcat and MySQL.  It's last release was less than a month ago.

If you are more interested in installing and using this from your own servers, then w3pw and Web KeePass are probably the best options.  Both of these are also likely to accept development contributions from outsiders (although that is just a guess, not speaking from personal experience with either project).  And if you _really_ want to build your own from scratch (or nearly so), either one of these could give you a working example to port to Ruby on Rails.  ("Port" being used loosely, as a direct port is very unlikely to map directly to a Rails-imposed architecture.)  Note that I have not researched any reported vulnerabilities with any of these projects, nor conducted any security review of the code.  So you may want to do that yourself before proceeding with a porting project.
0
rpkhareAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Ruby

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.