KPasswordEdit patch (was Re: new widgets...)

Neil Stevens neil at qualityassistant.com
Fri Sep 27 10:52:54 BST 2002


On Friday September 27, 2002 02:39, Thomas Zander wrote:
> Making sure the password is not in memory any longer than it should
> provides that KDE will not be the weakest link in the security chain.

But KDE isn't a weak link here, unless it's choosing to write passwords to 
files without the user asking for it.

Regardless of what KDE does, it's up to the OS to clear the RAM, it's up to 
the OS to make sure that other users can't read your RAM, it's up to the 
OS to keep swap secure, it's up to the OS to enforce permissions.

The OS can keep it secure, or the OS can make sure it's insecure.  Playing 
around with const char *s won't actually protect users from an attacker.

-- 
Neil Stevens - neil at qualityassistant.com
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher

More information about the kde-core-devel mailing list