top | item 47157226

(no title)

wps | 4 days ago

Good to see you in here! You make a great point, historically the breaking changes have not really affected users. You kept your db as is, and it would get migrated if you wanted to use new features. A friendly warning on open with a prompt to migrate to unlock new features (after gaining ecosystem traction) would be reassuring to users. On a more technical note, is there anything on your end with KeePassium that would be greatly improved, especially regarding potential improvements to auto-fill memory usage?

discuss

KeePassium|4 days ago

Nothing major, mostly UX improvements that could be defined as part of the new format. For instance, custom ordering of entry fields is not possible now because existing apps just sort them alphabetically on save. Multi-URL storage is basically KP2A's workaround adopted as-is by other apps.

That said, most of the concerns raised by the article — outdated schema, inefficiencies, governance issues — call for a new iteration of database format, but not necessarily SQLite. However, we would still be debating how to represent entry templates and how to accommodate features that stretch format's initial assumptions (be it multi-URLs or smart groups). We may still discover that passkeys need more fields than initially foreseen. Then someone would come up with item-level access rights scheme. Then something else.

All of these are already possible with XML+Gzip, just as much as with SQLite/SQLCipher. The main advantage of the latter is the standard, multi-platform library with a permissive license, instead of KDBX' specialized parsing. Switching to SQLite would probably lower the entry barrier for new apps. Which would be a good thing on the surface (more choice), but could end up with the same devil-in-details bedlam as the status quo.

wps|4 days ago

I really appreciate your commentary here! I understand that SQLite would not automatically solve the politics issue. As ctoth mentioned, it would serve as a "flag day" for the KeePass community to hopefully cover everyone's bases in a formal manner. Schema versioning and evolution is way more up SQLite's alley. An SQLite schema has referential integrity which an XML schema lacks, making it harder to misuse and contort. It is also far simpler to modify a query in the event passkey storage need to be changed than it is to modify the parser.

The lower barrier to entry probably also reduces the number of catastrophic parsing mistakes a developer can make. This is a net positive gain for the wider ecosystem of external tools which do not have to re-implement the whole parser. Every language has a great SQLite library, the same cannot be said of KDBX.

KeePassium|4 days ago

As for autofill memory limitations, this is largely an implementation detail: just process data stream in small chunks, that's it.

Unfortunately, KeePassium's data layer was designed in the times of iOS 11, before AutoFill became a thing. So I chose the easier path of loading and processing the whole file at once. This made sense for 10-20 MB databases on iPhones with 2 GB of RAM. By the time the mistake became obvious, it was much harder to switch to streamed processing, especially with a long queue of lower-hanging feature requests.