KPasswordEdit patch (was Re: new widgets...)
Ryan Cumming
ryan at kde.org
Sun Sep 29 01:34:55 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On September 28, 2002 16:54, Guillaume Laurent wrote:
> I'm not sure I understand this need for wiping the password. Suppose you
> don't wipe it and it gets somehow written on disk, either through a core
> dump, or on the swap. Then what ? If a bad guy has access to the core file,
> he has access to your files, so you're screwed. If a bad guy has access to
> the swap, then he's root, so you've totally screwed.
He has access to your local files, but that doesn't mean he has access every
computer you have a password for. If done right, you could type the password
in on a physically insecure terminal, for a highly secure server, and there
wouldn't be a trace of the password left once you were done.
- -Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9lkqzLGMzRzbJfbQRAoc9AJ4tZNRJc2jEVupYVpEk6ursm8ao7wCghVDt
V7e18th9PXAl0xMh2ISifdA=
=N9fn
-----END PGP SIGNATURE-----
More information about the kde-core-devel
mailing list