Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Not to flame on anyone, and without reading the details on the specific CVE. But, to share as an advice: this reason is why I prefer keepass + syncthing for my needs. Security for a full blown web app is not trivial and has a bigger "attack surface" than a kdbx file moving p2p through my devices via syncthing.
Explain how can you use KeePass+Syncthing with 10-50 people (possibly different groups for different passwords) having different sets of access level while maintaining sane ease of use?
The passwords are encrypted in the first place so the security for them is only on the client side.
I do not have to share passwords with 10-50 people and neither did the op imply this. I am having trouble figuring out the reasoning behind your message. Why would this be a normal use case?
I said my needs. I was just sharing. Hardly understanding your normal use case of 10-50 users on a same kdbx. The best you could do is having multiple kdbx, fro subgroups of users. Since not everyone should have the master password to all those kdbx... But I am sure that if those were my needs I'd jump to vaultwarden too. That's why I specifically added the disclaimer sentences on my post. I didn't mean to rob vaultwarden of its value. Just pointed out the tradeoff. Your comments adds on to those tradeoffs, they're just different solutions with different pros and cons. The user who mentioned using vaultwarden behind a VPN gave great input, I wasn't considering that. Anyway, have a nice day.
Totally agreed, but there are pros and cons.
File - harder to steal but once stolen hacker can bruteforce it as much as it wants. Web service - with proper rate limits (and additional IP whitelist so you can only sync on VPN/local network) - its harder to bruteforce. (But yes, you (sometimes) have also full copy locally in the local client, but ...)
If it was only for me I probably would also go with KeePass as you will not update the same db at the same time, but with with multiple users it's getting unmanageable.
I just got triggered as those CVEs are not that bad due to the nature that the app encrypts stuff on the client side so web server is more like shared file storage, while your answer suggested to switch to a solution that doesn't work for a lot of people (as we already tried that).
10-50 people normal use case?
For KeePass no, for VaultWarden yes.
Just got triggered for the comment above suggesting a solution that doesn't work for quite a lot of deployments/users, but yes, my comment was a little bit out of place as for single user deployments KeePass is probably way simpler/better.