KPasswordEdit and security
Albert Astals Cid
aacid at kde.org
Tue Dec 26 21:17:39 GMT 2006
Hi, KPasswordEdit is using a char * internally to store the password. There is
a note in the header that says "I believe this is safer than a QString.". I'm
not much into security but i would want some confirmation if it is safer to
use a char* than a QString.
I'm asking this because i want to fix bug 138997, a bug in KPasswordEdit
(storing char * and some input method related things) makes it impossible to
input passwords with non-ascii characters. One could fix that porting that
internal char* to internal ushort*, but that's not trivial, and if there is
no strong security reason i think we can just drop KPasswordEdit altogether
for KDE4 and use QLineEdit.
Comments?
Albert
More information about the kde-core-devel
mailing list