gPass

gPass Commit Details

Date:2017-07-19 19:12:56 (2 years 2 months ago)
Author:Grégory Soutadé
Branch:master
Commit:017bda025e8bba32f0b685b48f84ca6fd8f3dd85
Parents: 39582e0f264bf7e69c647f126c418a878b56bfa8
Message:Some comment and copyright updates

Changes:
Mchrome_addon/lib/misc.js (1 diff)
Mfirefox_webextension/background.js (3 diffs)
Mserver/conf.php (2 diffs)
Mserver/functions.php (1 diff)
Mserver/index.php (1 diff)

File differences

chrome_addon/lib/misc.js
5050
5151
5252
53
53
5454
5555
5656
}
function str2ab(str) {
var buf = new ArrayBuffer(str.length); // 2 bytes for each char
var buf = new ArrayBuffer(str.length);
// var buf = new ArrayBuffer(str.length*2); // 2 bytes for each char
var bufView = new Uint8Array(buf);
for (var i=0, strLen=str.length; i < strLen; i++) {
firefox_webextension/background.js
11
22
3
34
45
56
......
5758
5859
5960
60
61
6162
6263
6364
......
6869
6970
7071
71
72
7273
7374
7475
function url_block_callback(details)
{
//console.log(details);
if (details.requestBody)
{
if (details.requestBody.formData)
{
browser.webRequest.onBeforeRequest.addListener(
url_block_callback,
{urls:[request.options.url],
{"urls":[request.options.url],
"types":["main_frame"],
"tabId":tab.id,
"windowId":tab.windowId
{
browser.webRequest.onBeforeRequest.addListener(
url_block_callback,
{urls:[request.options.url], types:["main_frame"]},
{"urls":[request.options.url], "types":["main_frame"]},
["blocking", "requestBody"]);
}
});
server/conf.php
11
22
3
3
44
55
66
......
4848
4949
5050
51
51
52
5253
5354
54
55
56
57
5855
5956
6057
6158
6259
63
60
6461
6562
6663
6764
6865
69
66
67
7068
7169
7270
<?php
/*
Copyright (C) 2013-2015 Grégory Soutadé
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.
(to generate a unique PBKDF2 derivation) that result in an access tokens.
With this access token, user has the right to get
encrypted login/password values and remove them.
It's a kind of challenge.
It's a kind of challenge but requires more cpu bandwidth
(one derivation + two decryption for each password !).
This option is backward compatible with old version < 0.6
For now it's deactivated because it requires high cpu bandwidth
(one derivation + two decryption for each password !). When
standard crypto API will be stable it will be enabled by default.
*/
$USE_SHADOW_LOGINS=1;
/*
Protection against DDoS.
Each request can contains multiple password combination
Each request can contains multiple password combinations
(to support wildcards for example) and multiple names.
Currently only two passwords are sent from addon :
www.example.com
*.example.com
But, on future we may also consider 'www.example.*', '*.example.*' and lower case username.
For maximum security, you can set it to 2.
For maximum security, you can set it to 2 or 4 if you want to be backward compatible
with addons/extions <= 0.7.
*/
$MAX_PASSWORDS_PER_REQUEST=10;
server/functions.php
11
22
3
3
44
55
66
<?php
/*
Copyright (C) 2013 Grégory Soutadé
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.
server/index.php
11
22
3
3
44
55
66
<?php
/*
Copyright (C) 2013-2014 Grégory Soutadé
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.

Archive Download the corresponding diff file