zombiezen / sandpass

Password manager for Sandstorm

Home Page: https://apps.sandstorm.io/app/rq41p170hcs5rzg66axggv8r90fjcssdky8891kq5s7jcpm1813h

License: Apache License 2.0

Languages: Go 79.47%, HTML 12.99%, JavaScript 3.38%, Cap'n Proto 1.73%, CSS 1.31%, Dockerfile 1.12%
Topics: sandstorm, keepass, password-manager, password-generator, encrypted-store

sandpass's Introduction

Sandpass

This project is no longer maintained.

Sandpass is a web-based password manager based on the KeePass database format that runs on Sandstorm.

Sandpass has not undergone a formal security review: use at your own risk.

Installing

Install Sandpass from the Sandstorm App Market, or grab the SPK from the releases page.

Developing

Prerequisite: Docker

git clone https://github.com/zombiezen/sandpass.git
cd sandpass

Running as a normal HTTP server:

docker build -t sandpass .
docker run --rm -p 8080:8080 sandpass

Packaging as a Sandstorm app (requires docker-spk):

docker-spk build

License

Apache 2.0. See the LICENSE file for details. Vendored libraries are released under their respective licenses.

sandpass's People

Contributors

neynah, zombiezen


sandpass's Issues

Clean up permissions

Read is implied by simply sharing the grain, so it is obsolete. nuke currently doesn't require a valid session, so it seems a bit stronger than other "write" permissions. Seems like re-keying and nuking should be a manager/admin role.

Feature: Support desktop synchronization

It's great to see a v1.0.0 of sandpass!

I was looking into recommending SandPass to a friend. The big question I had was, can people use desktop KeePass to sync with SandPass over the web?

The answer seems to be, "Yes if SandPass supports a sync protocol that KeePass supports."

KeePass has info on desktop sync protocols here:

It seems from http://keepass.info/help/v2/ioconnect.html that SandPass could export a WebDAV/HTTP URL that KeePass could use.

What do you think of supporting this? I know, "Give a mouse a cookie, he'll ask for a glass of milk" -- which is to say, I'm grateful that this app exists at all!

Delete non-empty groups

As a shortcut, I'm implementing delete as only being allowed on non-empty groups. A better implementation would be to show the user the entries they are deleting during confirmation and a count of groups, then delete it recursively. No technical reason this wouldn't work, it's just more effort.

Key file generation

During the initial grain welcome page, it would be nice to have functionality for generating a key file for brand new databases.

Session expire too quickly, persist sessions

I originally designed the sessions to last for 30 minutes or so, but Sandstorm has gotten more aggressive about shutting down grains. Fixing this requires some level of session persistence. My plan is to persist session encryption keys on the server, then store encrypted cookies with the database's computed key on the client. That way, the database's key is never persisted anywhere in the clear, and the persisted server keys can be rotated regularly. A compromise of the server keys is only valuable if you also compromise a client session token encrypted with the same key, but even then, the attacker can't gain the master password, just the computed key. The user could cycle their keyfile and still be fine.
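The design sketched above (server-persisted session keys, a client cookie carrying the database's computed key encrypted under one of them), as an added illustration that is not Sandpass's code: AES-GCM with a key ID prefix so server keys can be rotated and old cookies simply stop opening. The ServerKeys type and the Seal/Open names are assumed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// ServerKeys maps a key ID to a persisted server-side AES-256 key (hypothetical type).
type ServerKeys map[byte][]byte

func (s ServerKeys) aead(id byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(s[id]) // a missing ID yields a nil key, which NewCipher rejects
	if err != nil {
		return nil, errors.New("unknown or rotated-out server key")
	}
	return cipher.NewGCM(block)
}

// Seal wraps the database's computed key under server key id and returns the cookie
// value base64url(id || nonce || ciphertext); the ID is bound as associated data.
func (s ServerKeys) Seal(id byte, dbKey []byte) (string, error) {
	gcm, err := s.aead(id)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	out := gcm.Seal(append([]byte{id}, nonce...), nonce, dbKey, []byte{id})
	return base64.RawURLEncoding.EncodeToString(out), nil
}

// Open recovers the computed key; it fails on tampering or once the server key is gone.
func (s ServerKeys) Open(cookie string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cookie)
	if err != nil || len(raw) < 1 {
		return nil, errors.New("malformed cookie")
	}
	gcm, err := s.aead(raw[0])
	if err != nil {
		return nil, err
	}
	if ns := gcm.NonceSize(); len(raw) >= 1+ns {
		return gcm.Open(nil, raw[1:1+ns], raw[1+ns:], raw[:1])
	}
	return nil, errors.New("malformed cookie")
}
```

Rotation is then just adding a new ID and deleting the old entry; the master password never appears on either side.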

Feature: DB-wide search for entries

There should be a simple UI for searching for entries within a database. Doesn't need to be fancy, can just match titles. Mostly so that the user doesn't have to dig through groups all the time.

Take screenshots

Before posting to App Market, I need to take screenshots of the app.

web browser password field integration

I'd like to have my browser fill in my bank password from a sandpass database.

Perhaps there's some way to use existing keepass tools that's supposed to be obvious, but I don't quite see it.

Feature: Re-encrypt databases

(Undecided for 1.0 scope)

There should be a UI for the user to be able to request a re-keying of their database. The user stories are:

  • User with a no-password database decides they want to start protecting the passwords
  • User's database password is compromised in some way and they want to cycle it
  • Every few years the number of rounds in the database should increase in order to cope with Moore's Law
    • In fact, it would be good to warn the user of this situation (in case they're importing an existing database) and offer to rekey.

Preserve attachments

Currently, Sandpass deletes attachments that are preexisting on entries, which is unfortunate for importing and editing existing databases.

Copy old versions of entries into "Backup" group

To prevent accidental account lock-outs, it is sometimes useful to have the password manager keep old revisions of entries around. KeePassX's behavior was to create a copy of an entry in the "Backup" group every time that an entry was edited.

New UI

I'm considering doing a new UI for the app, but need to know some things.
What does the community need in a new interface?

XSRF Protection

Even though Sandstorm provides this, it would be good to have some minimal XSRF protection for defense-in-depth.

Implement database file rotation

This is left as a TODO in storage.go, but for database integrity, Sandpass should not be overwriting the file in-place. It should write to another file and os.Rename over the original path. Perhaps we could also implement priority writes, so we could write last-access times in an ad-hoc manner, and then whichever one completely finishes writing saves.
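The write-to-another-file-then-os.Rename replacement described in the issue, as an added Go example that is not Sandpass's storage.go: the temp file lives in the same directory so the rename stays on one filesystem, and the file and directory are fsynced so a crash leaves either the old or the new database intact. The atomicWrite name is assumed here, and the directory sync assumes a POSIX filesystem.

```go
package main

import (
	"os"
	"path/filepath"
)

// atomicWrite replaces the file at path with data without ever exposing a
// partially written database: bytes go to a temp file in the same directory,
// are fsynced, and only then is the temp file renamed over the original.
func atomicWrite(path string, data []byte, perm os.FileMode) (err error) {
	dir := filepath.Dir(path)
	tmp, err := os.CreateTemp(dir, filepath.Base(path)+".*.tmp")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil {
			tmp.Close()
			os.Remove(tmp.Name()) // never leave a stray temp file on any failure path
		}
	}()
	if err = tmp.Chmod(perm); err != nil {
		return err
	}
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil { // data durable before it becomes visible
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	if err = os.Rename(tmp.Name(), path); err != nil {
		return err
	}
	// Sync the directory so the rename itself survives a power loss (POSIX).
	d, err := os.Open(dir)
	if err != nil {
		return err
	}
	defer d.Close()
	return d.Sync()
}
```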

Save last-access time

From #23:

Perhaps we could also implement priority writes, so we could write last-access times in an ad-hoc manner, and then whichever one completely finishes writing saves.

Lower priority, but it would be nice to save last access without slowing down user-facing latency.

Maintain "continue" URL past login page

When being redirected to the index page due to missing or invalid credentials, the index page should direct the user back to the page they originally requested upon successful decryption. This permits copying/pasting grain links to specific entries, and is less annoying for long-lived sessions.
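The check a practitioner would want alongside this feature: the continue URL must be validated before the redirect, otherwise the login page becomes an open redirect to any site an attacker links to. Added example in Go, not Sandpass's code; the safeContinue name is assumed here, and only grain-relative absolute paths are accepted.

```go
package main

import (
	"net/url"
	"strings"
)

// safeContinue validates a "continue" parameter carried through the login
// redirect. Only a path inside this grain is accepted; absolute URLs,
// scheme-relative //host forms, backslash variants and control characters
// (which url.Parse rejects) all fall back to the index page.
func safeContinue(raw string) string {
	const fallback = "/"
	if raw == "" || len(raw) > 2048 {
		return fallback
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return fallback
	}
	p := u.Path // decoded form, so "/%2F%2Fhost" is caught as "//host" too
	if !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") || strings.HasPrefix(p, "/\\") {
		return fallback
	}
	// Re-serialize from the parsed parts so only the normalized form is echoed.
	out := u.EscapedPath()
	if u.RawQuery != "" {
		out += "?" + u.RawQuery
	}
	if u.Fragment != "" {
		out += "#" + u.Fragment
	}
	return out
}
```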

Feature: Support KeePass2 databases

(Not in scope for 1.0)

Since I started working on the reader/writer library, it seems as though the tide has turned to make the KeePass2 XML-based database format the lingua franca format over the v1 format, especially since KeePassX no longer writes it. This isn't as pressing, as the database format can still be read and written, but it does call into question some scope things:

  • Should Sandpass keep using KeePass1 as its storage? If not, should it use KeePass2 or its own format (probably the former)?
  • Should Sandpass have import/export functionality for other file formats? Does this matter?

Cannot delete groups

Steps to reproduce:

  1. Create a new grain.
  2. Enter a password and click Create.
  3. Click the Misc group.
  4. Click Delete.
  5. Click Delete again, or whatever the confirmation button is.

Results: I'm bounced back to the password entry screen, told that my session is invalid, prompted to re-enter a password, and the group still exists.

Icon / graphics

Hi Ross, let me know if you have any ideas. If not, I'll try to come up with some reasonable concepts/drafts sometime this week.
