KPasswordEdit and security

Albert Astals Cid aacid at kde.org
Tue Dec 26 21:56:44 GMT 2006


A Dimarts 26 Desembre 2006 22:50, Henrique Pinto va escriure:
> On Tue 26 Dec 2006 19:17, Albert Astals Cid wrote:
> > Comments?
>
> I *think* it is because you can set the password data to be in a locked
> memory page (so it won't be swapped out and written on the disk) when using
> a char *, but you can't do that with a QString, because QString controls
> the buffer, and there's no way for you to tell it it should use "safe"
> memory. I haven't looked at the code, though, so I don't know if this is
> happenning or not. IMO, having a password be swapped out to the disk would
> be an unacceptable security breach.

I had a look to the code and did not found any call that seems to do that, do 
you know how does one do that? (locking the memory page).

Albert

>
> PS: sending this directly to you because I can't post to k-c-d.




More information about the kde-core-devel mailing list