Password Vault
| 开发者 | mrdenny |
|---|---|
| 更新时间 | 2018年12月17日 05:23 |
| PHP版本: | 3.0.1 及以上 |
| WordPress版本: | 4.9.5 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
安装:
- Upload the contents of the zip file to the
/wp-content/plugins/password-vaultdirectory - Activate the plugin through the 'Plugins' menu in WordPress
- Set a secure password as the SECURE_AUTH_KEY value in the wp-config.php file
- Configure the settings through the settings page.
- Begin documenting account information through the tools page.
屏幕截图:
常见问题:
What does this plugin do?
This plugin allows you to securly store usernames and passwords online in a password protected repository.
How do I change the encryption key?
To change the encryption key, first enter the new key in the wp-config.php file. Then open the settings page, and put the old key in the field at the bottom and save the settings. A new menu option at the top of the page will appear called "Complete Key Change". Select this link, check the checkbox to verify that you have a backup and click the "Complete Key Change" button. Depending on how much data you have in the main table and the audit table this process may run quickly or it may take a long time. No matter how long it takes do NOT stop the process. Stopping the process can cause you to loose access to some or all of the data. After the process is done, go back to the main page and remove the old encryption key and save the settings. This will remove the link from the menu at the top of the page.
How many Groups can I have?
Basically as many as you want. The field is an INT(11) in MySQL so you should be able to have 2,147,483,647 groups.
Where are the users configured?
The users are simply users from Wordpress.
Can a user see an account if they don't have access to it?
Sort of. They will be able to see that the account exists, but they won't be able to see the password. Even if they figure out the ID number and stick it in the URL field manually it still won't show them the password.
Can someone have write permissions without read permissions?
No. If you grant write permissions to a user, they get read permissions automatically.
Can someone have owner permissions without read or write permissions?
No. If you grant owner permissions to a user, they get read and write permissions automatically.
What takes priority, group or user permissions?
Neither, they are merged.
My site is behind a load balancer, and I've got the "Requires SSL" setting checked, but it isn't working.
This is because the application is using the is_ssl() function within Wordpress which isn't correctly handle load balancers. For now it is recommended that you follow the directions in the is_ssl() document and add the "Force SSL URL Scheme" plugin to your site so that the site forces SSL. If this doesn't work, contact us via the forums and we'll figure it out.
Why does auditing turn itself on every time I upgrade or activate the plugin?
This is done as a security precaution. Every time the plugin is activated it turns auditing back on if it is disabled.
更新日志:
- Fixed passwords being saved in autosave dropdown in the browser
- Fixed another XSS potential issue
- Fixed XSS potential issues
- Tested up through 4.7.2
- Changed default screen to be search page instead of just the menu
- Tested for version 4.3
- Fixed issue with users being able to see passwords from other groups
- Fixed issue with permissions not being added to new records on insert correctly
- Tested for version 4.1
- Verified that all database calls with parameters which have user specified data are paramaterized
- Sanatizing user inputs to prevent javascript attacks
- Changed graphics to use absolute paths based on plugin folder location, so they aren't incorrect if using non-default location.
- Cleaned up some class calls.
- Uploaded this update from 30k feet at 400mph, because that's just how I roll.
- Added a setting to hide the application unless the user is a member of a group within the application.
- Added a setting to hide users and groups which the user doesn't have a group relationship with.
- Changed the builtin ad from showing the Wordpress version number to the plugin version number.
- Allows for users to see or not see accounts they have access to depending on setting.
- Added validation to ensure that values are the correct length when being stored.
- Added button to go from adding a new record to using that record quicker.
- Added option to redirect away from page with password showing after n seconds.
- Added a link to the "requires SSL" error to make it easier to get to the app via SSL.
- Enabled account deletion, when deletion is enabled in the settings.
- Made all custom fields wildcard searches by default.
- Cleaned up buttons on the view account screen.
- Fixing icon in custom menu, because I'm an idiot.
- Fixing icon files which didn't get uploaded in the initial 1.3 release
- Made option to have application as it's own menu item instead of under Options and Tools menus
- Fixed the double back slash problem
- Removed the double back slash problem from the FAQ
- Made URLs in the user defined fields clickable from the search page
- Fixed formatting on the Find Account page
- Fixed formatting issues with a couple of tables.
- Fixing upgrade code.
- Made auditing optional
- Logs when auditing is enabled and disabled
- Tightened up the code a little
- Added an additional security check to ensure user is logged in when using the application
- Cleaned up buttons
- Added audit viewing screen.
- Add option to require SSL for plugin use. Settings page doesn't require SSL.
- Made custom labels optional or required.
- Code cleanup.
- User Defined Fields are added.
- Group Management.
- Group Membership.
- Encryption for passwords everywhere they are stored.
- User level permissions.
- Group permissions.