by crypt1d
3259 days ago
The whole point of the discussion was to highlight a feature that I was missing here - the ability to audit who accessed what. There will always be a person with admin (or master password) access who can edit logs or bypass them entirely, but this is supposed to be a person who has the final responsibility in the team's 'chain of command'. The audit log exists so that this very admin can monitor the logs for suspicious behavior and clean up the passwords after a team member leaves. Hence, having the ability to decrypt the db with a master password is irrelevant as the master password should only be accessible to the admin.