[QUESTION] How is this better than keeping the database on ondrive directly?
musm opened this issue · 5 comments
Describe your question
If I just pace my database in OneDrive directly then open that within KeePass, how does this plugin differ? I'm just trying to understand the benefits of this plugin via what I do, which I haven't had issues with.
So you open the same db on two computers or computer and mobile device. You edit the db on both and then you save on both.
Your method will lose one of the edits as it does not sync the changes it just writes them to the file and they get overridded by others
Good question @musm and thanks @vytux-com for chiming in!
If placing your KeePass OneDrive on a location that gets synced using the OneDrive sync client, it indeed could occur that your database gets corrupted if changes would occur from two machines at the same time. Imagine i.e. you're offline at one device, make a change, shut down the machine and then go online at another device, such as your phone or tablet where you make a change. If you go online at the first device again, you will get a sync conflict. At best it will just create a renamed KeePass database on your OneDrive at worst, and I've seen this happen myself, your KeePass database gets corrupted and can't be opened anymore.
Other scenarios where using a plugin specifically for keeping your databases in sync could be useful is if you want to share your KeePass database with someone, i.e. co-workers, family members, friends, etc. You don't want them to have your credentials and sync down your entire OneDrive. With this plugin you could just share the KeePass database with them and allow them to sync just the KeePass database.
Got it ! Ok indeed, I'll try this instead of my current "sync" solution, which as you note might get corrupted. Fortunately, in the several years I have been doing this I haven't had any major issues, but it still seems much better to try this to ensure no corruption occurs. Thanks!
The permissions seem very aggressive
The permissions seem very aggressive
That's correct. Unfortunately at this point the APIs do not support requesting fine grained permissions yet. It's only give me access to (all) your files or no access at all. Keep in mind that the access and refresh tokens which will actually give the access are generated by the plugin hosted solely in your KeePass installation on your machine. They are only stored on your machine as well. The communication is directly between KeePass and the Microsoft servers. It does not pass any third party servers or endpoints. So yes, the request may feel very aggressive, but there's no other way and the keys providing the access are solely in your own hands.