Online Password Manager

Posted on 2009-12-17
Medium Priority
Last Modified: 2013-11-13
I want to make an online password manager for my own use. The risk I am taking it because it is not possible for me to take a laptop with internet everywhere. With over hundreds of website I've subscribed into, it is becoming messy for me to live with so many usernames and passwords.

What would be the right approach?

(1) Which language/framework to use? Ruby or PHP.
(2) Which Open-Source crypto library and pseudo-random generator?
(3) What other security considerations?
(4) Is PostgreSQL the right-choice?

I want to release it as an open-source.
Question by:rpkhare
LVL 14

Expert Comment

ID: 26077758
I'm lazy, but there's already password managers out there.


source for more:
LVL 10

Accepted Solution

Andrew Doades earned 501 total points
ID: 26079308
ruby and ruby on rails is probably the easiest choice.

It'll handle the encryption and security like a dream.. as for the database engine, I think its up to you!

The database/database server is only as secure as you make it, you can ip lock the server and db access etc.


Assisted Solution

titanian earned 501 total points
ID: 26087630
If you want an "Online" password manager, then LastPass is a great choice.

Not only they have an excellent track record and are recommended by Mozilla but they also, give superb secondary security options like using a Yubikey or a USB drive as a secondary verification device along with your password to sign in.

So even if your Master password is compromised, the hacker cant login to your password database without getting their hands on your yubi key or USB drive, which almost makes it foolproof and secure!

Would like to hear your thoughts on this! Good Luck!
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 26089502
One such application, Clipperz, is lacking funds to grow. How healthy is the financial status of LastPass?<input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden">
LVL 12

Assisted Solution

cminear earned 498 total points
ID: 26113203
In addition to Clipperz (which you mentioned), I found the following open-source web based password managers:
 - pasonda: http://pasonda.sourceforge.net/
It is written in PHP, and released under a BSD license.  However, it's last release was in 2002, so it is clearly not under active development.

 - w3pw: http://w3pw.sourceforge.net/

Also written in PHP, it is released under the GPL.  It's most recent release was just last August, so it's development is more active.

 - Web KeePass: http://ossfree.net/webkeepass/

This is a web-based version of the Windows version recommended above.  It is written in Java, and the installer uses (or assumes, not sure which) Tomcat and MySQL.  It's last release was less than a month ago.

If you are more interested in installing and using this from your own servers, then w3pw and Web KeePass are probably the best options.  Both of these are also likely to accept development contributions from outsiders (although that is just a guess, not speaking from personal experience with either project).  And if you _really_ want to build your own from scratch (or nearly so), either one of these could give you a working example to port to Ruby on Rails.  ("Port" being used loosely, as a direct port is very unlikely to map directly to a Rails-imposed architecture.)  Note that I have not researched any reported vulnerabilities with any of these projects, nor conducted any security review of the code.  So you may want to do that yourself before proceeding with a porting project.

Author Closing Comment

ID: 31667649

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month14 days, 13 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question