If a password is sent in the clear (no HTTPS), that means that anyone who has a modicum of hacking skills can intercept it and gain full access to the database.
While such lax security could be overlooked back in 2009 when this was last discussed here, in 2016 it is like living in the stone ages.
It is made worse by the fact that there is not a per-user password, but only one master password for the entire database. That means that a single packet interception from anyone using it may yield the password and compromise the database for everyone.
I saw another thread where you were interacting with someone over security issues, and in that thread you seemed to have the same kind of stance… that it’s not a “big deal.”
It IS a big deal, however, to many of your users.
The whole reason I came back to Devonthink from several years of using Evernote is so that I can control my data.
I even purchased two additional DT Pro Office licenses for my team for this purpose.
So it is very disappointing to then discover that, in fact, Devonthink is no more secure - and less so - than Evernote. (While Evernote doesn’t encrypt data on its servers, at least it encrypts data in transit).
But it is more disappointing to see that this was discussed in 2009, and nothing has been done about it.
I understand that as developers you have to prioritize new features, and there’s always an “endless” list of things you could do. (The curse of being a small business owner, which I get).
However, have you ever asked yourselves: “WHO is our primary user and WHY do they choose Devonthink over the alternatives?”
I think if you seriously asked yourselves this question, you’d find it a very clarifying exercise about which of the enhancements or features you might choose to prioritize.
I can’t speak for all of your users, but speaking for myself, my PRIMARY reason for choosing Devonthink is so that I have control over my data, not some cloud-based service with who knows what kind of back-channel agreements with others (such as governments) to share my data.
That means SECURITY is a major priority for me. (I believe it should be a priority for everyone, but I don’t get to dictate what others’ priorities are). DT is really behind the curve on this.
Second is reliability. I abhor buggy programs, especially when it comes to storing my data. DT does pretty well on this front these days - much better than years ago.
Third is Ease of Use - simplicity and clarity of interface. DT is only so-so on this.
I have several popular blogs and a big newsletter mailing list - and I’d love nothing more than to be able to recommend DT to my clients.
However, I find myself reluctant, because it seems that DT keeps just growing in features endlessly, without a focus on what its users want, or how you can create the very best user experience.
BTW - I’d be happy to pay for an update once in a while, as long as it enhances my user experience, rather than just adding more bloat.
Thanks for your consideration of my ideas.
Morgan