KPasswordDialog
Oswald Buddenhagen
ossi at kde.org
Fri Nov 5 14:06:43 GMT 2004
On Fri, Nov 05, 2004 at 07:42:08AM -0500, George Staikos wrote:
> On Thursday 04 November 2004 19:06, Ingo Klöcker wrote:
> > The other threat is that passwords are written to the swap partition.
> > This can only be countered by using mlock'ed char* memory. mlocking
> > QString is impossible (unless you or Qt writes QSecureString).
>
> That's cool, we can provide a mechanism to prevent people from stealing
> passwords of out KPasswordDialog and instead force them to steal it from
> whatever uses KPasswordDialog. :) Really..... I know the argument you're
> making and I think it's rather pointless for this. If someone needs a
> KSecuredButNotVeryUserFriendlyOri18nCompatiblePasswordDialog, they can use a
> separate one or a fork of the existing one made more secure.
>
fwiw, what is your stance on
http://bugs.kde.org/show_bug.cgi?id=87580 :
KDE [KDM] does not mlock sensitive data (password)
?
imo this is a cantfix for the PAM case, and a wontfix for the other
cases.
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
More information about the kde-core-devel
mailing list