Compile two separate binaries, one with http plugin and one without

[TheZ3ro]

For some people having networking capabilities extend the attack/vulnerability surface.

It would be nice if we can exclude networking code in the compiled executable
(also because keepasshttp don't have good support on Windows, See: https://groups.google.com/forum/#!topic/keepassx-reboot/yV__ujozMtI)
letting user (or disto-maintainer) decide if include keepasshttp or not in the executable

Note: by default keepasshttp is disabled at runtime

[droidmonkey]

What if the compiler output two builds: keepassxr and keepassxr-http

Distros could provide both builds either in the same package or separate packages and users could decide which to use.

[TheZ3ro]

This idea is beautiful! 👍

[droidmonkey]

Re-titled the issue to capture the expectations.

[TheZ3ro]

How do you want to do this?

One #define for keepasshttp and then #ifdef on the http code, then
when you compile you set the keepasshttp to true or false ?

[droidmonkey]

yup, that's what I was thinking. only problem with that approach is it will essentially compile twice, there is no reuse (i think) of compiled object files.

Option 2 is to compile the http code into a library, and also compile http stubs into another library. The linker will link the real stuff or the stubs depending on the binary output. This lets you reuse the compiled objects (ie compile once, link twice).

[fcore117]

Better is to add option to turn it off 100%

[george-viaud]

Not possible to handle it runtime / statup via config?

On 10/21/2016 01:32 PM, TheZ3ro wrote:

How do you want to do this?

One #define for keepasshttp and then #ifdef on the http code, then
when you compile you set the keepasshttp to true or false ?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub #50 (comment), or mute the thread https://github.com/notifications/unsubscribe-auth/APzGhus5FU4yHOQzsyTyxqPJNTvFcO68ks5q2SFxgaJpZM4KcT3K.

[TheZ3ro]

@george-viaud it's already possible, but having networking code in an Offline password manager is not the best option

[anatoli26]

Agree with @TheZ3ro, also the compilation time is almost insignificant, IMO a couple of seconds (even minutes) more during the compilation step for a more secure deployment is a great trade-off. I support the idea

One #define for keepasshttp and then #ifdef on the http code, then when you compile you set the keepasshttp to true or false ?