KeePass Plugins

Introduction

KeePass features a plugin framework. Plugins can provide additional functionality, such as support for more import/export file formats, network features, backup features, etc.


Online Resources

You can download the latest KeePass plugins (and their source code) from:
http://keepass.sourceforge.net/plugins.php


Plugin installation

To install a plugin, follow these steps:
  1. Download the plugin from the page above and unpack the .ZIP file to a directory of your choice.
  2. Copy the plugin .DLL file into the KeePass directory (where the KeePass.exe is).
  3. Start KeePass and enable the plugin in the plugins dialog ('Tools - Plugins...').
  4. Restart KeePass in order to load the new plugin.

To uninstall a plugin, just delete its .DLL file. You don't need to disable it in the plugins dialog first.


Security

Some people had doubts about the security of plugins: can't malicious spyware plugins 'inject' themselves into KeePass? In theory they can, but if a plugin can register itself (i.e. it has write access to the KeePass directory), it could just as well replace the whole KeePass.exe. This is a problem of file system security, not of the plugin system.

If you worry about this, you can do the following:

  1. Install KeePass as administrator.
  2. Delete the KeePass.ini in the KeePass directory.
  3. Write-protect the KeePass directory. Nobody must have write access.
  4. Log on as normal user (with no administrator privileges).

This solves the problem above. Since the KeePass directory is write-protected, no other program can copy files into it. KeePass requires plugins to be in the application directory; paths with characters like '.' and '\' are simply rejected. Therefore, plugins can no longer inject themselves.

Because you have deleted the .INI file and KeePass cannot create a new one in its application directory, it will use your user directory.
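
One way to verify the steps above after carrying them out, as an added example that is not part of the original KeePass documentation: the PowerShell script below reports any non-administrative owner or write-capable access entry on the KeePass directory and the files in it, and warns if KeePass.ini is still present. The default install path, the list of SIDs treated as administrative and the helper name Get-UntrustedWriteAccess are assumptions of this example.

```powershell
# Added example: audits the hardening steps above. The default path is an assumption.
param([string]$KeePassDir = 'C:\Program Files\KeePass')

# SIDs treated as administrative (a choice made for this example):
# BUILTIN\Administrators, NT AUTHORITY\SYSTEM, NT SERVICE\TrustedInstaller, and
# CREATOR OWNER (a placeholder resolved on each new child, which is audited itself).
$trusted = @(
    'S-1-5-32-544',
    'S-1-5-18',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
    'S-1-3-0'
)

# Access bits that allow adding, changing or replacing files, in order:
# WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions,
# TakeOwnership, GENERIC_ALL, GENERIC_WRITE (generic bits appear on inherit-only entries).
$writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

function Get-UntrustedWriteAccess {   # hypothetical helper name
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    # The owner can always rewrite the ACL, so it must be administrative too.
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) {
        [pscustomobject]@{ Path = $Path; Sid = $owner; Access = 'Owner' }
    }
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and $trusted -notcontains $sid) {
            [pscustomobject]@{ Path = $Path; Sid = $sid; Access = $ace.FileSystemRights }
        }
    }
}

# Step 2: the .INI file should no longer exist in the application directory.
if (Test-Path -LiteralPath (Join-Path $KeePassDir 'KeePass.ini')) {
    Write-Warning "KeePass.ini is still present in $KeePassDir."
}

# Step 3: neither the directory nor KeePass.exe and the plugin DLLs may be writable.
$files = @(Get-ChildItem -LiteralPath $KeePassDir -File | Select-Object -ExpandProperty FullName)
$findings = @(@($KeePassDir) + $files | ForEach-Object { Get-UntrustedWriteAccess $_ })
if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
else { Write-Output 'No non-administrative write access found.' }
```

Any row in the output names a path that a non-administrative account could still modify, which would allow a plugin .DLL or KeePass.exe itself to be dropped or replaced.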