Problems when KeePass can't determine a domain name using the PSL

The Public Suffix List (PSL) is a large list of data made available by Mozilla which all web browsers and some other software, including KeePassRPC, rely upon in order to decide which parts of a URL (web address) are the “domain name”. This is critical to the correct functioning of these programs because a domain name forms an important part of the security boundary between websites.

If you or your system administrators prevent KeePassRPC from remotely accessing or locally storing this data, things will go wrong.

We’ve designed KeePassRPC to err on the side of caution, so you should find that too few entries match a website rather than too many. Without knowing what the domain is, we must assume that different hostnames are in fact also different domains. Hence, when requiring a minimum match accuracy of Domain, we must say that there is no match.

It is important to note, however, that per-site URL Minimum Match Accuracy Method overrides do not get applied when the PSL is unavailable, because we can’t identify the domain name of the search URL and therefore cannot identify which override to apply. The Minimum Match Accuracy Method therefore becomes whatever is defined in the entry or the database default, which may be less strict than you are expecting.

You may not actually be able to configure this setting when the PSL is unavailable (this behaviour is unverified and may vary) but even if you can’t, if you then attempt to apply the configuration on a different machine or at a different time when the PSL is not available, you will experience the above problem.

In future we may also match some URLs with port numbers when the PSL is unavailable, but for now that’s another issue you’ll run into if you don’t have access to the PSL.
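The two effects described above (domain-level matching failing closed, and per-site overrides silently not applying) can be seen in a small model. This is an added example, not KeePassRPC's own code: the function names, the three-rule sample PSL, the URLs, and the "Hostname" and "Exact" level names and their semantics are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed PSL subset for illustration. The real list has thousands of
# rules, including wildcard and exception rules that this model omits.
SAMPLE_PSL = frozenset({"com", "uk", "co.uk"})

def registrable_domain(hostname, psl):
    """Public suffix plus one label, or None if it cannot be determined."""
    if psl is None or not hostname:
        return None  # PSL unavailable: the domain is unknown
    labels = hostname.lower().split(".")
    for i in range(len(labels)):  # longest suffix is tried first
        if ".".join(labels[i:]) in psl:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

def effective_mam(search_url, entry_mam, overrides, psl):
    """Per-site overrides are keyed by domain, so they need the PSL."""
    domain = registrable_domain(urlsplit(search_url).hostname, psl)
    if domain is not None and domain in overrides:
        return overrides[domain]
    return entry_mam  # entry setting or database default

def is_match(search_url, entry_url, entry_mam, overrides, psl):
    mam = effective_mam(search_url, entry_mam, overrides, psl)
    if mam == "Exact":  # assumed semantics: whole URL must be equal
        return search_url == entry_url
    s_host = urlsplit(search_url).hostname
    e_host = urlsplit(entry_url).hostname
    if s_host == e_host:
        return True
    if mam != "Domain":
        return False
    # Unknown domain: different hostnames count as different domains.
    s_dom = registrable_domain(s_host, psl)
    return s_dom is not None and s_dom == registrable_domain(e_host, psl)

if __name__ == "__main__":
    overrides = {"example.co.uk": "Exact"}  # constructed per-site override
    a, b = "https://www.example.co.uk/a", "https://www.example.co.uk/b"
    for label, psl in (("PSL loaded", SAMPLE_PSL), ("PSL missing", None)):
        print(label,
              "| cross-host Domain match:",
              is_match("https://login.example.co.uk/", a, "Domain", {}, psl),
              "| override applied:",
              effective_mam(a, "Hostname", overrides, psl),
              "| /a vs /b match:",
              is_match(a, b, "Hostname", overrides, psl))
```

With the PSL missing, the cross-host Domain match disappears, while the stricter per-site override is dropped and the entry's own setting decides the result.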

Overriding the PSL cache location

Generally you should fix your system so that the KeePass application data folder is writeable, but in some cases specifying a different location for the PSL cache may be what allows KeePass to read and write the file.

You can do this by manually editing the XML config file that KeePass uses. The specifics of where to find this file, and which locations can override the various versions of the file, are too complex for this forum, so refer to the KeePass documentation for help with that detail. Make sure KeePass is not running while you edit the file. Create a new CustomConfig string called “KeePassRPC.publicSuffixDomainCache.path” and set it to the absolute path in which you wish to cache the PSL data.