Password Store Component

Ok, that's not new news, since it's been done last year. Still, this site didn't record the change to the work that happened on the password store component on a purely organizational level, so here's my chance to catch up:

  • Password Store is now a component registered with Go to the com_passwords project if you want to download the latest and greatest, or if you want to log bugs, suggest improvements or (God forbid!) help out with development
  • Password Store is now an extension registered with That's an important step, since most people don't use directly. This second step actually just started, as I filed today, but I am hopeful the administrators will give me a chance to publish this.
Next, of course, the plugin/mambot that searches within notes. And, even more of course, improvements to the terribly lame user interface that came with the underlying content store. 

So, in less than a few hours, I completed the password store component for Joomla. That's partially because I worked from a different component that had most of the options I needed, but partially also because I could easily use the Joomla infrastructure, which requires little in the wake of learning.

Of course, while it's a functional component, it's still not at 1.0. Hardcoded strings (they are in the original, too), incomplete removal of spurious options, you know, that stuff.  So I'll continue cleaning up for a bit, then publish.

Read more: Completed Password Store in Record Time

In just one major bored morning, I made huge progress with the passwords store component. You can now enter notes, the content will be filtered out and strong formatting will be stripped from regular view. Editing a note works, as does showing the list and the entry.

The piece missing now is the cookie for the passphrase storage. There I need to add the page that requests the passphrase, the one that allows you to create the passphrase, and the session cookie that will store the passphrase, encrypted using the master passphrase and the day (so that cookies expire every day). 

Looking at the note table, I realized it looks A LOT like the standard Joomla content table. Should I have used that one as a content store? After all, the content offers two locations for the message (intro and fulltext) and all the other goodies (except for last access time).

In the end, I decided against it. Creating a new table is cheap, and putting stuff in content means I have to version PSC at the same time as Joomla versions its content store. Better to leave things as they are, and create a separate table. 

After thinking about the component, it's time to define how it is going to work within the Joomla framework.

We will need two database tables:

  1. The per-user settings like passphrase, security question, etc.
  2. The notes themselves, tied to users

The first table needs to have the user id as primary key. Other columns will be:

  • encrypted passphrase
  • encrypted temporary passphrase
  • security question
  • encrypted answer to security question

The second table will be more complex and have the following columns in addition to an integer ID:

  • note title
  • note text (safe)
  • note text (encrypted)
  • creation time
  • last modification time
  • last access time
  • folders (for later use and expansion) 
Read more: PSC Database Structure

More Articles ...

Page 1 of 2