Your comments

Hi Nils,


Your proposal sounds ok. But indeed it is up to the server admin to implement sound security measures to shield access to the database and application files. But if the config of Teampass has an extra layer of protection it only adds to the security on the whole. Thank you,


kind regards,

Arie

Nils,


just to clarify the point I'm trying to make. I am in the process of evaluating Teampass and after this evaluation several teams are planning to work with it. One of those teams will be the sysadmin on the Teampass server. They will also be a member of a role in Teampass, while other IT teams will be working in other roles. If any sysadmin on the Teampass server can get into the database he could make a copy of the database and give his own user id admin rights in Teampass. Then he can give himself any team role he wants and can read all passwords of the other teams.


kind regards,

Arie

Hi Nils,

I have provided a screenshot with the settings.php file: (it's a test environment, just a simple password :-))

Teampass must be using $pass because if I change this password Teampass does not work with an access denied message.


Kind regards,

Arie