Password DBA

version 1.3.10.2009 (in development) (c) 2008 Michael J Raley
Password DBA is an innovative approach to storing and managing passwords
and other confidential information for use by workgroups of one or more
people. Small files can also be imported as unmodifiable originals that
can be annotated and later restored to disk.

The basis of Password DBA is its unique object database, in which records
are Blowfish encrypted. Individuals using the database file do not possess
the master key that unlocks account records. Instead, indirect indices to
parts of the master key are held by the user, by the computer accessing the
data, and by the program itself; all three are needed to rebuild the key.
Users and computers must first be defined by an administrator in the PWDB
objects table before they can access the database file.

When a new user is added to the PWDB objects table, that user can then assign
themselves a short alphanumeric PIN code. Because the PIN is short and personal,
users should no longer feel the need to write passwords on sticky notes.

The PIN code is not stored anywhere and so cannot be recovered; if it is
forgotten, any administrator can delete the user object and rebuild it.
By default all PWDB users have admin privileges, so any user can reset another
user's access this way. Configure admin rights explicitly if that is not what
you want.
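The split-key scheme described above, as an added example. This is not Password DBA's own code: the README only says that each party holds an index into parts of the master key and that the PIN is never stored, so the PIN-wrapping of the user's index (PBKDF2 plus an HMAC check value), the keyword table layout and every name below are assumptions. Blowfish is not in Python's standard library, so a SHA-256 counter-mode keystream stands in for the cipher; the point is that no single share opens a record.

```python
"""Added example: rebuilding a master key from three separately held shares
so that no user, computer or program holds it alone. Not Password DBA's code;
Blowfish is replaced by a SHA-256 keystream. All names and layouts are assumed."""
import hashlib
import hmac
import secrets


def make_keyword_table(db_seed: bytes, size: int = 8) -> list:
    """Constructed stand-in for a database's private table of key fragments.
    A real database would draw these at random once, when it is generated."""
    return [hashlib.sha256(db_seed + bytes([i])).digest() for i in range(size)]


def _pin_key(pin: str, salt: bytes) -> bytes:
    # Stretch the short PIN so guessing it against a stolen user object is slow.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enroll_user(name: str, pin: str, index: int) -> dict:
    """Build a PWDB user object. Only the user's index into the keyword table is
    stored, wrapped under the PIN; the PIN itself never touches the database."""
    salt = secrets.token_bytes(16)
    k = _pin_key(pin, salt)
    wrapped = bytes(a ^ b for a, b in zip(index.to_bytes(4, "big"), k[:4]))
    tag = hmac.new(k[4:], name.encode() + wrapped, "sha256").digest()
    return {"name": name, "salt": salt, "wrapped_index": wrapped, "tag": tag}


def user_index(user: dict, pin: str) -> int:
    """Recover the user's share; a wrong PIN fails the tag check and yields nothing."""
    k = _pin_key(pin, user["salt"])
    msg = user["name"].encode() + user["wrapped_index"]
    if not hmac.compare_digest(hmac.new(k[4:], msg, "sha256").digest(), user["tag"]):
        raise PermissionError("PIN does not match this user object")
    return int.from_bytes(bytes(a ^ b for a, b in zip(user["wrapped_index"], k[:4])), "big")


def pin_accepted(user: dict, pin: str) -> bool:
    try:
        user_index(user, pin)
        return True
    except PermissionError:
        return False


def master_key(table: list, user_idx: int, computer_idx: int, program_idx: int) -> bytes:
    """All three fragments go into the key; any one share on its own is useless."""
    return hashlib.sha256(table[user_idx] + table[computer_idx] + table[program_idx]).digest()


def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in for Blowfish: SHA-256 in counter mode. Illustration only, not a real cipher.
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def seal_record(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC one account record under the reconstructed master key."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key + nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()


def open_record(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key + nonce, len(body))))


if __name__ == "__main__":
    table = make_keyword_table(b"constructed-db-seed")
    PROGRAM_INDEX = 5                               # assumed: compiled into the program
    computer = {"name": "WS-07", "index": 2}        # constructed PWDB computer object
    alice = enroll_user("alice", "4g7k", index=0)   # constructed PWDB user object
    key = master_key(table, user_index(alice, "4g7k"), computer["index"], PROGRAM_INDEX)
    blob = seal_record(key, b"root\twebserver1\tT0ps3cret!")
    print(open_record(key, blob))
    print("wrong PIN accepted?", pin_accepted(alice, "0000"))
```

Note that the user object contains a salt, a wrapped index and a tag, but no PIN and no key fragment; someone who copies the database file still lacks the computer's and the program's indices, and someone who steals the user object must guess the PIN against the stretched tag.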

Records are stored as an account key and the data paired to that key.
The key consists of a system reference name and an account on that system.
For example, I might have a series of accounts for one particular server:

account        system
root           webserver1
print-operator webserver1
tape-operator  webserver1
operator1      webserver2

The system name might also be the company that a series of vendor contacts work for:

account        system
ALAN           IBM
John           IBM
Jill           IBM
ANDY           ITT

In the case of an imported file the system name is ~FILE and the account
name is the filename followed by its modification timestamp, so successive
revisions of a file can coexist as separate keys:

SYSTEM_CONFIG.DAT~01/10/2009~13:30:~FILE
SYSTEM_CONFIG.DAT~01/11/2009~14:35:~FILE
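The key layout described above, as an added example rather than Password DBA's own code. It composes account/system keys and ~FILE revision keys, parses a ~FILE key back into filename and timestamp, and lists revisions in order. Assumptions: a displayed key is the account string immediately followed by the system string (which is how the two ~FILE examples read), the timestamp is mm/dd/yyyy~HH:MM: as in those examples, and the SHA-256 fingerprint checked on restore is an addition the README does not mention.

```python
"""Added example, not Password DBA's own code: composing and parsing the
account/system keys and ~FILE revision keys. Timestamp layout, key joining
and the SHA-256 fingerprint are assumptions."""
import hashlib
from collections import namedtuple
from datetime import datetime

FILE_SYSTEM = "~FILE"
TS_FMT = "%m/%d/%Y~%H:%M:"        # assumed from "01/10/2009~13:30:" in the examples

Key = namedtuple("Key", "account system")


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, TS_FMT)


def file_key(filename: str, mtime: datetime) -> Key:
    """Account = filename + modification timestamp, so each revision is its own key."""
    return Key(f"{filename}~{mtime.strftime(TS_FMT)}", FILE_SYSTEM)


def render(key: Key) -> str:
    return key.account + key.system


def parse_file_key(text: str):
    """Split a ~FILE key back into (filename, mtime); None for ordinary keys."""
    if not text.endswith(FILE_SYSTEM):
        return None
    account = text[: -len(FILE_SYSTEM)]
    filename, date, time = account.rsplit("~", 2)     # filename may itself contain '~'
    return filename, parse_ts(f"{date}~{time}")


def import_file(store: dict, filename: str, content: bytes, mtime: datetime) -> Key:
    """Store an unmodifiable original; only path and memo are meant to change later."""
    key = file_key(filename, mtime)
    store[key] = {"content": bytes(content),
                  "sha256": hashlib.sha256(content).hexdigest(),   # added integrity check
                  "path": "", "memo": ""}
    return key


def revisions(store: dict, filename: str) -> list:
    """All imported revisions of one filename, oldest first."""
    found = []
    for key in store:
        parsed = parse_file_key(render(key))
        if parsed and parsed[0] == filename:
            found.append((parsed[1], key))
    return [key for _, key in sorted(found)]


def restore(store: dict, key: Key) -> bytes:
    """Return the original bytes, refusing if the stored fingerprint no longer matches."""
    rec = store[key]
    if hashlib.sha256(rec["content"]).hexdigest() != rec["sha256"]:
        raise ValueError("stored original has been altered")
    return rec["content"]


if __name__ == "__main__":
    db = {}   # constructed in-memory stand-in for the database
    import_file(db, "SYSTEM_CONFIG.DAT", b"port=8080\n", parse_ts("01/10/2009~13:30:"))
    import_file(db, "SYSTEM_CONFIG.DAT", b"port=8443\n", parse_ts("01/11/2009~14:35:"))
    for key in revisions(db, "SYSTEM_CONFIG.DAT"):
        print(render(key))
```

Running the block prints the two keys exactly as they appear in the examples above, and restore() returns the bytes that were imported, so a later revision never overwrites an earlier one.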


When a record is selected the program retrieves its data for display.
If you change a field you must then commit it back to the database.
Unlike passwords kept in an Excel spreadsheet, no one user holds the
database locked while they have it open.

The data fields include the username (initially identical to the account part
of the key, but it can be modified), the password, an IP address or hostname,
and a large memo field.

If the key is of the ~FILE type, meaning it holds an imported text or binary
file, then the contents of that file cannot be displayed or edited, but the
path information and memo field can be modified.

Whenever you access the program, or add, delete or modify any key or PWDB
object, an audit trail entry is written to the database.

Password DBA is meant to be a small, fast and highly portable program.
Multiple database files can exist in the same folder for different purposes or
groups of users. The total size of a database file cannot exceed 2 gigabytes.

Methods of securing information
1. removes the single shared password as a point of failure
2. hidden fields and inactivity timeouts
3. requires only a short PIN code, unique to each user
4. provides an audit trail
5. three layers of Blowfish are required to unlock account information
6. saves unalterable original copies of small files and documents
7. prevents terminal lockout by one user

To do / status:
+ Complete the config screens and add an option to selectively make some
users admins for keys and/or PWDB objects (users/computers)
+ Polish up the look of the GUI

+ Write the initial database generation program. Each generated database will
have its own keywords and its own indices into those keywords, distinct from
every other database, instead of just copying a database and renaming it.