Feature Request - Kee should have the option to prevent the filling in or submitting of forms unless it can determine if the connection to the site is secure. It should at a minimum check the URL for the presence of the https:// URI scheme. Ideally, it would actually validate that the site has a valid certificate, that the certificate has not been revoked, and maybe even enforce specific protocols, key sizes, or encryption types.
Kee, like users, has no assurance that the site that is responding to the URL in the browser is actually the site that a user has chosen to share sensitive data from KeePass. If the site is spoofed, DNS hijacked, or has a Cross-Site Scripting vulnerability, Kee could expose sensitive data to an attacker without a user having any chance to interrupt or prevent it.
This is a Bad Thing ™ and is why for years the security community has been trying to teach people to look for the “Green Lock” and other information that validates the site’s identity before sending any information.
Kee is an application, so it should actually be easier to have it do such checks automatically, even prior to making a request to KeePass for matching URLs.
Due to these issues, many organizations and users are simply not able to use the auto-fill and auto-submit features of Kee. Adding this feature would allow these helpful features to be used in a more secure manner that might fit within acceptable risks for users and organizations. It also would help to show that Kee is taking extra steps to protect and secure data stored in your KeePass DB.
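A sketch of the minimum check requested above, added here as an example and not part of the original post or Kee's code: a gate that refuses to fill or submit unless both the page and the form's submission target use https. The function names, policy fields, and reason strings are hypothetical, and the check covers only the URI scheme, not certificate validity or revocation.

```javascript
// Added example: hypothetical policy gate, not Kee's implementation.
// Decides whether a credential fill/submit may proceed, based on URL schemes.
const DEFAULT_POLICY = { requireHttps: true, allowLoopback: false };

function isLoopback(hostname) {
  // WHATWG URL keeps the brackets on IPv6 hostnames.
  return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "[::1]";
}

function isSecureUrl(url, policy) {
  if (url.protocol === "https:") return true;
  // Optional exception for local development servers.
  return policy.allowLoopback && url.protocol === "http:" && isLoopback(url.hostname);
}

// pageUrl: URL of the document containing the form.
// formAction: the form's action attribute (may be relative or empty).
function checkFillAllowed(pageUrl, formAction, policy = DEFAULT_POLICY) {
  if (!policy.requireHttps) return { allowed: true, reason: "policy-disabled" };
  let page, target;
  try {
    page = new URL(pageUrl);
    // An empty or relative action resolves against the page URL.
    target = new URL(formAction || pageUrl, page);
  } catch (e) {
    // Fail closed: a URL that cannot be parsed cannot be shown to be secure.
    return { allowed: false, reason: "unparseable-url" };
  }
  if (!isSecureUrl(page, policy)) {
    return { allowed: false, reason: "insecure-page" };
  }
  // An https page can still post credentials to a non-https target.
  if (!isSecureUrl(target, policy)) {
    return { allowed: false, reason: "insecure-form-action" };
  }
  return { allowed: true, reason: "ok" };
}
```

Running the gate before any lookup of matching entries means a blocked page never triggers a credential request at all, which is the ordering the post suggests.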