
BrokenGlass is a group password manager based on a simple concept. No one needs to know anything, until they do. When your boss catches you online at 2AM and you're the only one in the company awake and a client's server needs a reboot, what do you do? The sleeping SysAdmin has the data you need but that does you no good.
With BrokenGlass, a team can store passwords or any other important data securely, and any employee with an account can access that data, but doing so requires a reason and triggers an email notifying the admin who accessed what data and when. It's the data equivalent of leaving a set of house keys with a trusted neighbour.
BrokenGlass is a Rails 3.0 application. It requires:
  - ruby 1.8.7
  - rubygems & bundler
  - sqlite3
Users log in with a username and password, and the administrator controls who has access to the system. The data itself is encrypted asymmetrically and can only be read with a private passphrase, so there is no way to get at it by querying the database server directly or by getting into the system through a user's weak password.

Brute-force attacks on user passwords are guarded against by locking an account after three unsuccessful login attempts. The system also warns you and automatically logs you out after 2 minutes of inactivity, so sensitive information is not accidentally left visible in a browser session.

You will be prompted to choose an administrator password during installation; this avoids the common problem of web applications shipping with a default password that is never changed, leaving the application vulnerable.
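The following Ruby sketch is an added illustration of the model described above; it is not BrokenGlass's own code (that is on GitHub) and is not tied to Rails. It shows the two guards the README names: records encrypted to an RSA public key whose private half is stored only in passphrase-wrapped PEM form, so a copy of the stored rows or a login with a weak user password yields nothing readable without the separate passphrase; and an account that locks after three failed logins. The Vault class, its method names, the 2048-bit RSA with AES-256-GCM hybrid choice and the PBKDF2 parameters are all assumptions made for this example, not details of the real application.

```ruby
require 'openssl'

# Illustrative model of the README's storage and login guards (not
# BrokenGlass's own code). Only the public key and the passphrase-encrypted
# private key persist; the plaintext private key never leaves initialize.
class Vault
  MAX_FAILED_LOGINS = 3 # lockout threshold stated in the README
  RSA_BITS = 2048       # assumed key size for the example
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  attr_reader :records

  def initialize(passphrase)
    rsa = OpenSSL::PKey::RSA.new(RSA_BITS)
    @public_pem  = rsa.public_key.to_pem
    @private_pem = rsa.export(OpenSSL::Cipher.new('aes-256-cbc'), passphrase)
    @records = {}
    @users   = {}
    @failed  = Hash.new(0)
    @locked  = {}
  end

  # Hybrid encryption: a fresh AES-256-GCM key per record, wrapped with
  # RSA-OAEP. The record name is bound in as associated data so a ciphertext
  # cannot be silently moved to a different entry.
  def store(name, secret)
    pub = OpenSSL::PKey::RSA.new(@public_pem)
    aes = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    key = aes.random_key
    iv  = aes.random_iv
    aes.auth_data = name
    body = aes.update(secret) + aes.final
    @records[name] = { wrapped_key: pub.public_encrypt(key, OAEP),
                       iv: iv, tag: aes.auth_tag, body: body }
    name
  end

  # Reading a record needs the passphrase to unwrap the private key; a wrong
  # passphrase or a tampered record raises an OpenSSL::OpenSSLError.
  def reveal(name, passphrase)
    rec  = @records.fetch(name)
    priv = OpenSSL::PKey::RSA.new(@private_pem, passphrase)
    aes  = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    aes.key = priv.private_decrypt(rec[:wrapped_key], OAEP)
    aes.iv  = rec[:iv]
    aes.auth_tag  = rec[:tag]
    aes.auth_data = name
    aes.update(rec[:body]) + aes.final
  end

  # User accounts hold a salted PBKDF2 hash, never the password itself.
  def add_user(user, password)
    salt = OpenSSL::Random.random_bytes(16)
    @users[user] = [salt, derive(password, salt)]
  end

  # Returns :ok, :denied or :locked. Three failures in a row lock the account,
  # which is the README's brute-force guard; a success resets the counter.
  def login(user, password)
    return :locked if @locked[user]
    return :denied unless @users.key?(user)
    salt, stored = @users[user]
    if same_bytes?(stored, derive(password, salt))
      @failed[user] = 0
      :ok
    else
      @failed[user] += 1
      @locked[user] = true if @failed[user] >= MAX_FAILED_LOGINS
      @locked[user] ? :locked : :denied
    end
  end

  private

  def derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 100_000,
                             length: 32, hash: 'sha256')
  end

  # Constant-time comparison so the login check does not leak by timing.
  def same_bytes?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  vault = Vault.new('correct horse battery staple')   # constructed passphrase
  vault.add_user('oncall', 'weak-password-1')          # constructed account
  vault.store('client-db-root', 'hunter2')             # constructed record
  puts vault.login('oncall', 'weak-password-1')        # => ok
  puts vault.reveal('client-db-root', 'correct horse battery staple')
end
```

The point to take from the sketch is the separation of the two secrets: the user password only gets someone past login, while the stored rows are unreadable without the passphrase that unwraps the private key, so neither the database on its own nor a guessed user password exposes the data.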
BrokenGlass is an open-source project. Source code is available at
http://github.com/LunarLogicPolska/brokenglass