• adr1an@programming.dev
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    4 months ago

    I said my needs. I was just sharing. Hardly understanding your normal use case of 10-50 users on a same kdbx. The best you could do is having multiple kdbx, fro subgroups of users. Since not everyone should have the master password to all those kdbx… But I am sure that if those were my needs I’d jump to vaultwarden too. That’s why I specifically added the disclaimer sentences on my post. I didn’t mean to rob vaultwarden of its value. Just pointed out the tradeoff. Your comments adds on to those tradeoffs, they’re just different solutions with different pros and cons. The user who mentioned using vaultwarden behind a VPN gave great input, I wasn’t considering that. Anyway, have a nice day.

    • kolorafa@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      Totally agreed, but there are pros and cons.

      File - harder to steal but once stolen hacker can bruteforce it as much as it wants. Web service - with proper rate limits (and additional IP whitelist so you can only sync on VPN/local network) - its harder to bruteforce. (But yes, you (sometimes) have also full copy locally in the local client, but …)

      If it was only for me I probably would also go with KeePass as you will not update the same db at the same time, but with with multiple users it’s getting unmanageable.

      I just got triggered as those CVEs are not that bad due to the nature that the app encrypts stuff on the client side so web server is more like shared file storage, while your answer suggested to switch to a solution that doesn’t work for a lot of people (as we already tried that).