Jump to content

Passwordstate Self Destruct Message


Recommended Posts

On 3/19/2021 at 2:46 AM, support said:

Hi Guys,

 

We appreciate the feedback. The Pen Testing company do not believe this architecture is insecure, but if there is enough interest, we can consider other options.

 

So we can take this feedback to management, can you please outline why you believe this is a security regression? Is your concern you may have an elevated administrative breach on your web server where this is being hosted?

Regards

Click Studios

 

Certainly that's the main problem. The instance that we use in our data center has very strict network policies for in and outbound directions.
Only a handful of servers with similar security precautions have access to the server at all (e.g. Ansible Tower) and definitely not a normal webserver, because they would build a bridge between the Internet and Passwordstate, similar the new App Server would do.

 

Of course you can say that is a safe bridge with strong gatekeepers on both sides (firewall, crypto and so on), but at the end, it's a bridge that didn't exist before.
And I only have the approval for a security concept without such way of communications.

Link to post
Share on other sites
  • 3 weeks later...

Hello everyone,

 

Just letting you know we've just released build 9112, and have added back the Push/Pull version of the Self Destruct Message feature. This is an option, and you need to select this option on the Self Destruct tab on the System Settings screen in the Administration area.

Regards

Click Studios

Link to post
Share on other sites
×
×
  • Create New...