author | Marco Barulli <marco@clipperz.com> | 2014-05-02 10:20:51 (UTC) |
---|---|---|
committer | Marco Barulli <marco@clipperz.com> | 2014-05-02 10:20:51 (UTC) |
commit | 03659f6b3d9766898854e8a769c0c9341b3de80c (patch) (unidiff) | |
tree | da1bcc8d9a5623c34ea9b541ea71f84848aa6d33 /README.md | |
parent | e4074dbd68760aab9350fad4c7a588a44da187c3 (diff) | |
download | clipperz-03659f6b3d9766898854e8a769c0c9341b3de80c.zip clipperz-03659f6b3d9766898854e8a769c0c9341b3de80c.tar.gz clipperz-03659f6b3d9766898854e8a769c0c9341b3de80c.tar.bz2 |
added more visible security warning, updated URLs
-rw-r--r-- | README.md | 32 |
1 files changed, 17 insertions, 15 deletions
@@ -2,60 +2,62 @@ | |||
2 | 2 | ||
3 | [icon]: ./Icon.png | 3 | [icon]: ./Icon.png |
4 | 4 | ||
5 | ##What does Clipperz do? | 5 | ##What does Clipperz do? |
6 | 6 | ||
7 | Clipperz is an online vault where you can store confidential data without worrying about security. It can be used to save and manage passwords, private notes, burglar alarm codes, credit and debit card details, PINs, software keys, … | 7 | Clipperz is an online vault where you can store confidential data without worrying about security. It can be used to save and manage passwords, private notes, burglar alarm codes, credit and debit card details, PINs, software keys, … |
8 | Since passwords are the most common type of private information that you need to protect, we have added a great deal of functionality to make Clipperz a great [online password manager][home] thus solving the “password fatigue” problem. | 8 | Since passwords are the most common type of private information that you need to protect, we have added a great deal of functionality to make Clipperz a great [online password manager][home] thus solving the “password fatigue” problem. |
9 | 9 | ||
10 | **Clipperz makes the Internet the most convenient and safe place to keep you most precious and sensitive data.** | 10 | **Clipperz makes the Internet the most convenient and safe place to keep you most precious and sensitive data.** |
11 | 11 | ||
12 | Read more on the [Clipperz website][home]. | 12 | Read more on the [Clipperz website][home]. |
13 | 13 | ||
14 | [home]: http://www.clipperz.com | 14 | [home]: https://clipperz.is |
15 | 15 | ||
16 | ## Why an open source version | 16 | ## Why an open source version of Clipperz? |
17 | 17 | ||
18 | Because we want to enable as many people as possible to play with our code. So that you can start trusting it, the code not the developers. | 18 | Because we want to enable as many people as possible to play with our code. So that they can start trusting it. The code, not its developers. |
19 | 19 | ||
20 | In order to allow you to inspect the code and analyze the traffic it generates between client and server, we had to provide an easy way to locally deploy the whole service. | 20 | In order to allow anyone not just to inspect the source code, but also to analyze the traffic it generates between client and server, we made available this open source version as an easy way to locally deploy the whole password manager web app on your machine. You can choose among the available backends (PHP/MySQL, Python/AppEngine, …) or [contribute][CA] your own. |
21 | 21 | ||
22 | Feel free to host on your machine a web service identical to [Clipperz online password manager][home]. You can choose among **multiple backends** (PHP/MySQL, Python/AppEngine, …) or you can [contribute][CA] your own. | 22 | Whatever is your motivation for playing with Clipperz code, we would love to hear from you: [get in contact][contact]! |
23 | 23 | ||
24 | Whatever is your motivation, we would love to hear from you: [get in contact!][contact] | 24 | ## Security warning |
25 | 25 | ||
26 | [CA]: http://www.clipperz.com/open_source/contributor_agreement | 26 | The open source version of Clipperz is suitable for **testing and educational purposes only**. Do not use it as an actual password management solution. |
27 | [contact]: http://www.clipperz.com/about/contacts | 27 | |
28 | As an example, the current PHP backend lacks several critical capabilities such as bot protection and concurrent sessions management, moreover it could be vulnerable to serious threats (SQL injections, remote code execution, ...). | ||
29 | |||
30 | [CA]: https://clipperz.is/open_source/contributor_agreement | ||
31 | [contact]: https://clipperz.is/about/contacts | ||
32 | [clipperz]: https://clipperz.is | ||
28 | 33 | ||
29 | 34 | ||
30 | ## Donations | 35 | ## Donations |
31 | If you like what Clipperz is building, its openness and its view of cryptography as a powerful tool for liberty, then you may consider making a donation. | 36 | If you like what Clipperz is building, its openness and its view of cryptography as a powerful tool for liberty, then you may consider making a donation. |
32 | 37 | ||
33 | Our favorite payment method is clearly Bitcoin ([learn why here][why]), but you can also send your donation via credit card, Paypal or bank transfer. In all cases there will be no link between your real identity and your encrypted data stored on Clipperz. | 38 | Our favorite payment method is clearly Bitcoin ([learn why here][why]), but you can also send your donation via credit card, Paypal or bank transfer. In all cases there will be no link between your real identity and your encrypted data stored on Clipperz. |
34 | 39 | ||
35 | **To make your donation visit [this page][donations]. Thanks!** | 40 | **To make your donation visit [this page][donations]. Thanks!** |
36 | 41 | ||
37 | [why]: http://www.clipperz.com/pricing/why_bitcoin | 42 | [why]: https://clipperz.is/pricing/why_bitcoin |
38 | [donations]: http://www.clipperz.com/donations | 43 | [donations]: https://clipperz.is/donations |
39 | 44 | ||
40 | 45 | ||
41 | ## License | 46 | ## License |
42 | ALL the code included in this project, if not otherwise stated, is released with the [AGPL v3][agpl] license (see `LICENSE.txt`), and all rights are reserved to Clipperz Srl. For any use not allowed by the AGPL license, please [contact us][contact] to inquire about licensing options for commercial applications. | 47 | ALL the code included in this project, if not otherwise stated, is released with the [AGPL v3][agpl] license (see `LICENSE.txt`), and all rights are reserved to Clipperz Srl. For any use not allowed by the AGPL license, please [contact us][contact] to inquire about licensing options for commercial applications. |
43 | 48 | ||
44 | [agpl]: http://www.gnu.org/licenses/agpl.html | 49 | [agpl]: http://www.gnu.org/licenses/agpl.html |
45 | 50 | ||
46 | 51 | ||
47 | ## Warnings | ||
48 | Please note that the open source version of Clipperz Password Manager may not be suitable for mass deployments, depending on how robust is the backend you select. As an example, the current PHP backend lacks several critical capabilities such as bot protection and concurrent sessions management. | ||
49 | |||
50 | ## Contributions | 52 | ## Contributions |
51 | Your contributions to Clipperz are very welcome! In order to avoid jeopardizing the ownership of the code base, we will require every developer to sign the Clipperz [Contributor Agreement][CA] | 53 | Your contributions to Clipperz are very welcome! In order to avoid jeopardizing the ownership of the code base, we will require every developer to sign the Clipperz [Contributor Agreement][CA] |
52 | 54 | ||
53 | This enables a single entity to represent the aggregated code base and gives the community flexibility to act as a whole to changing situations. | 55 | This enables a single entity to represent the aggregated code base and gives the community flexibility to act as a whole to changing situations. |
54 | 56 | ||
55 | The CA establishes a joint copyright assignment in which the contributor retains copyright ownership while also granting those rights to Clipperz Srl. With the CA in place, the aggregated code base within any Clipperz open source project is protected by both the distribution license and copyright law. | 57 | The CA establishes a joint copyright assignment in which the contributor retains copyright ownership while also granting those rights to Clipperz Srl. With the CA in place, the aggregated code base within any Clipperz open source project is protected by both the distribution license and copyright law. |
56 | 58 | ||
57 | Please [download][CA] and review the Contributor Agreement for a complete understanding of its terms and conditions. You may send your signed and completed CA to Clipperz by scanning your completed form and emailing the image or by fax. Please retain a copy for your records. **Thanks!** | 59 | Please [download][CA] and review the Contributor Agreement for a complete understanding of its terms and conditions. You may send your signed and completed CA to Clipperz by scanning your completed form and emailing the image or by fax. Please retain a copy for your records. **Thanks!** |
58 | 60 | ||
59 | 61 | ||
60 | ## Building | 62 | ## Building |
61 | In order to build the deployable version, you need to invoke the following command: | 63 | In order to build the deployable version, you need to invoke the following command: |
@@ -106,13 +108,13 @@ Once the index.html files have been built (one for each frontend) and a backend | |||
106 | The application needs a simple MySQL database; to configure all the credentials to access the previously allocated DB, edit the file found in `php/configuration.php`. You need to edit the file actually used by the web server; this will usually be the one moved into the right place in the previous step. | 108 | The application needs a simple MySQL database; to configure all the credentials to access the previously allocated DB, edit the file found in `php/configuration.php`. You need to edit the file actually used by the web server; this will usually be the one moved into the right place in the previous step. |
107 | Once the application is in place, and the DB credentials have been configured, you should initialize the DB itself; in order to do so, just point your browser at the following url: `http://<host>/<path>/php/setup/index.php`. | 109 | Once the application is in place, and the DB credentials have been configured, you should initialize the DB itself; in order to do so, just point your browser at the following url: `http://<host>/<path>/php/setup/index.php`. |
108 | Here you will find the standard [POG][pog] setup page: it should be enough to click the "POG me up!" button at the bottom of the page, and then the "Process" button on the next page. | 110 | Here you will find the standard [POG][pog] setup page: it should be enough to click the "POG me up!" button at the bottom of the page, and then the "Process" button on the next page. |
109 | The POG interface will allow also a very basic access to the DB data that may be useful to check that the application is actually writing something on the DB (even if you will not be able to make much sense out of the data you will see, as they are all encrypted!) | 111 | The POG interface will allow also a very basic access to the DB data that may be useful to check that the application is actually writing something on the DB (even if you will not be able to make much sense out of the data you will see, as they are all encrypted!) |
110 | More information about building the PHP backend may be found in the `doc/install.php.txt` file. | 112 | More information about building the PHP backend may be found in the `doc/install.php.txt` file. |
111 | 113 | ||
112 | 114 | ||
113 | ## Disclaimer | 115 | ## Disclaimer |
114 | 116 | ||
115 | This application has not been fully tested, so there may be still problems due to the new build script or to the new repository structure. So, for the moment, **use it at your own risk!** | 117 | This application has not been fully tested, so there may be still problems due to the new build script or to the new repository structure. So, for the moment, **use it at your own risk!** |
116 | 118 | ||
117 | 119 | ||
118 | [pog]: http://www.phpobjectgenerator.com/ \ No newline at end of file | 120 | [pog]: http://www.phpobjectgenerator.com/ |