Frequently Asked Questions about the project, licensing, ...
can I help you?
If you like KeePass and would like to help the developers in some way:
This is the best way of helping, if you don't have that much time or experience
in application development.
- Make a translation
If you have some free time, you could make a translation of KeePass (of course only if you're
language isn't offered already).
- Test new releases and report bugs
KeePass is under constant development, new features get implemented, bugs get fixed. If you
have some free time, you could
test new releases thoroughly and report bugs. If you're a programmer, look through the sources to
find bugs and maybe even submit fixes.
- Spread the word
If you like KeePass, tell all your friends how great KeePass is, publish articles
about it, press it on CDs/DVDs, ship USB sticks preinstalled with it, submit it to software
archives, talk in forums about it, etc.!
KeePass be used in a company?
Yes. KeePass is free software and you don't have to pay any
fees. You may freely use KeePass under the terms of its
But of course, if you like KeePass,
are always greatly appreciated.
about a centralized KeePass Internet server?
The idea on the first glance sounds simple and useful: there should be a centralized
KeePass Internet server, on which all users can store their passwords. By having
Internet connection, you'd have access to all your passwords.
Note that this idea is different from simply providing webspace. KeePass 2.x already
supports storing databases on servers using HTTP/FTP. The point is
having one server for all users.
When creating such a server, there are several difficulties:
- A fairly complex synchronization and caching mechanism will be required.
You won't want to transfer the complete database, otherwise the service will be unusable
for everyone storing attachments, etc.
- Directly related to the previous point: in order to do synchronization, the server needs
to be able to read and understand databases, i.e. some dedicated KeePass server
would need to be written. While the transport way could be secure HTTPS, the server
certainly has some user data as plain text in memory for some time. One needs
to be very careful here. What to do if the server gets compromised? The security
implications would be horrible, if an attacker could read any user data.
- How to avoid server compromises? If a normal Internet server is compromised,
the security implications are minimal: in the worst case all user accounts and data for this
website are lost. But with KeePass server, whole identities would be lost. An attacker
couldn't only impersonate someone on this particular server, but on the complete Internet
and real world, depending on what is stored in the databases.
Therefore, banking-level security systems would be required for a KeePass server.
Keeping PHP / ASP / Linux / Windows (or whatever will be used) up-to-date definitely
is not enough here.
- Basically you offer people webspace for their databases, therefore the service
obviously will cost something. By charging people, they expect reliability and you
need to make up-time guarantees. Therefore, at least 2 servers are required (by
different hosters), which need to be synchronized.
Summary: a centralized Internet server currently is out of range. If someone wants
to start a company providing such a service, feel free to use KeePass as base
application (of course respect the Open Source terms).
But what can and probably will be done later is a local intranet KeePass server (for
companies for example).
Employees could log in to the company's password server and use it. But a centralized Internet
server no chance.