Welcome to Teampass Feature Requests place
- using "New Feature" ONLY
- performing a search before creating a new request
- voting for the request you would like to see implemented
Thank you for your participation to this project.
Bug report MUST be performed in Github.
Any other topic is performed in Reddit
The current system allows you to view the previous unencrypted values of passwords in both the history, and on the edit page. This is potentially insecure as it can allow people to view a pattern or common passwords that are reused (yes, both of these are a problem in themselves, but lets minimise the risk).
I would like to be able to have a configuration switch to disable the display of unencrypted previous passwords on the edit page, and in the logs.
After using TeamPass for a bit, i was looking to make the environment Highly Available.
One way of doing this with MySQL/MariaDB/Percona is using the Galera Clustering. The problem is that the data structure for TeamPass is not supported on Galera/XtraDB environments since every table must have a unique id/primary key to ensure replication.
Looking at the table structure, it looks like some of the tables may be as simple as changing the id column to be a primary key but others look like they are used without a true id column. I'm not 100% sure that will allow support with Galera (there might be more - still researching).
What i do know is that I cannot install on a Galera DB and if I install on a non-Galera DB export to a Galera Cluster, the application doesn't show folders or users properly under the admin console.
When creating/editing a user there should be an option to have local or remote authentication. This could be accomplished with a check box for "local account".
See the closed github bug ref # 1896 for further information on this feature request.
Currently, to edit or delete an item, you select it in the list pane, then select 'edit' or 'delete' from the list pane menu.
However, this seems counter-intuitive when the item is displayed in the preview pane. I would expect to find an 'edit' and 'delete' option in the list-pane menu, at least when an item is displayed.
Can we have these two commands added to the preview pane menu for ease of use?
It may also be helpful to have 'edit' 'delete' and 'add' as separate buttons entirely, for ease of use
Debugging authentication issues is awkward. It would help to have a Debug mode available for this. For example, in the LDAP Configuration page, there is a test available, but it does not provide any details as to why a login failed - it could be in bind, search, group, password... It would be helpful to have details on exactly what was done. Also, in a "Debug authentication" mode, we could get detailed logs of all logins, so as to be able to track down configuration issues with 2FA and multiple login methods.
Teampass already keeps a history log of changes, and shows old passwords in the log (I don't like that, but that's a separate issue)
It would be useful to be able to revert one or more changes to a password items, in case where a change was made erroneously and we want to recover the old item. This would be for any changes - username, URL, attached files - not just password. If Teampass could keep the last X versions of each item (a configurable limit) and allow them to be recovered it would be a good feature.
Wir nutzen Teampass in unserem Büro, die Rechteverwaltung ist schon sehr gut, aber leider sehe ich keinen Weg, dem Nutzer nur die Verwendung des Passwortes zu erlauben. Er soll das Passwort nicht im Klartext sehen können, sondern es nur benutzen. Hier sehe ich eine Sicherheitslücke, denn wenn ein Mitarbeiter die Zugangsdaten abschreibt, dann ist der Zugang nicht mehr nur in meinem Besitz ...
When using a directory structure of hundreds of maps it is currently necessary to vertically scroll for and search for the accentuated entries that match a search.
It would be easier if the search would filter out the items that do not match the search criteria, leaving the user with only the matching items that he needs.
I would recommend removing information like the TeamPass version on the login page, because with this information an attacker can more easily find security holes from the used version of the application (looking at Github itself) and make an attack.
I know that it is the administrator's fault if I do not update the application quickly, but I believe that a delay of a few days between launch, approval and update may be critical for attackers to be able to carry out attacks and obtain all information from a client for example.
Customer support service by UserEcho