KPasswordEdit patch (was Re: new widgets...)
Pupeno
pupeno at pupeno.com
Thu Sep 26 15:31:36 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 26 September 2002 09:32, Alexander Kellett wrote:
> > On Thursday 26 September 2002 05:23, Thomas Zander wrote:
> > > > - KPasswordEdit: the api of this widget is rather poor returning a
> > > > const char* of the typed password (should it be a QString or
> > > > something like that ?) and there's not setPassword function.
> > >
> > > Returning a pointer to the string as typed by the user is the only way
> > > to make sure minimal copying and therefor maximum security can be
> > > reached. Please don't change that.
> >
> > I imagined that the use of a char was for security reasons... but, what
> > would happen with passwords containing unicode chars ?
> > Is still a setPassword(const char*?) method a bad idea ?
>
> anyways, if we are so security concious why don't we also do a mlock?
>
> Alex (who's just starting reading too many man pages on his system)
Here's a patch that adds a setPassword() function to KPasswordEdit and also
uses mlock to keep the password secure im memory as Alexander 'sugested'.
If you see any bug there, please tell me.
Can this type of things be commited now ?
Thank you.
- --
Pupeno: pupeno at pupeno.com
http://www.pupeno.com
- ---
Help the hungry children of Argentina,
please go to (and make it your homepage):
http://www.porloschicos.com/servlet/PorLosChicos?comando=donar
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9kxpLLr8z5XzmSDQRAmthAJ4uSc1C/7hfwf/OjBUNOU3BgGg+PACggLy8
yt0k3HmECGKl/hI1ALmMA1k=
=KI1K
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: securesetpassword.patch
Type: text/x-diff
Size: 2293 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20020926/1bacce4e/attachment.patch>
More information about the kde-core-devel
mailing list