KPasswordDialog
Waldo Bastian
bastian at kde.org
Fri Nov 5 10:05:14 GMT 2004
On Friday 05 November 2004 01:06, Ingo Klöcker wrote:
> Does the operating system clean memory pages after they are freed or
> before they are alloc'ed?
The current process (malloc) can reuse non-clean memory pages, but other
processes will get clean pages.
> The other threat is that passwords are written to the swap partition.
> This can only be countered by using mlock'ed char* memory. mlocking
> QString is impossible (unless you or Qt writes QSecureString).
Indeed. That said, before we use a password where it is needed we probably
make several copies at varies places. If you want to make sure that passwords
don't end up in swap you will need to trace their complete usage.
Cheers,
Waldo
--
bastian at kde.org | SUSE LINUX 9.2: Order now! | bastian at suse.com
http://www.suse.de/us/private/products/suse_linux/preview/index.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20041105/1aa57606/attachment.sig>
More information about the kde-core-devel
mailing list