KPasswordEdit patch (was Re: new widgets...)
neil at qualityassistant.com
Fri Sep 27 10:52:54 BST 2002
On Friday September 27, 2002 02:39, Thomas Zander wrote:
> Making sure the password is not in memory any longer than it should
> provides that KDE will not be the weakest link in the security chain.
But KDE isn't a weak link here, unless it's choosing to write passwords to
files without the user asking for it.

Regardless of what KDE does, it's up to the OS to clear the RAM, it's up to
the OS to make sure that other users can't read your RAM, it's up to the
OS to keep swap secure, it's up to the OS to enforce permissions.

The OS can keep it secure, or the OS can make sure it's insecure. Playing
around with const char *s won't actually protect users from an attacker.
Neil Stevens - neil at qualityassistant.com
"I always cheer up immensely if an attack is particularly wounding
because I think, well, if they attack one personally, it means they
have not a single political argument left." - Margaret Thatcher