KPasswordEdit and security

Brad Hards bradh at frogmouth.net
Tue Dec 26 22:05:35 GMT 2006


On Wednesday 27 December 2006 08:17, Albert Astals Cid wrote:
> Hi, KPasswordEdit is using a char * internally to store the password. There
> is a note in the header that says "I believe this is safer than a
> QString.". I'm not much into security but I would want some confirmation if
> it is safer to use a char* than a QString.
>
> I'm asking this because I want to fix bug 138997, a bug in KPasswordEdit
> (storing char * and some input method related things) makes it impossible
> to input passwords with non-ASCII characters. One could fix that by porting
> that internal char* to internal ushort*, but that's not trivial, and if
> there is no strong security reason I think we can just drop KPasswordEdit
> altogether for KDE4 and use QLineEdit.

If you are willing to depend on QCA, then QSecureArray might be an option. 

Brad
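
An added example, not part of the original thread and not KDE or QCA code: a fixed-capacity buffer that stores a password as UTF-8, so non-ASCII input works, while keeping the properties usually cited for preferring a raw buffer over a general-purpose string class (no reallocation, no implicit copies, bytes zeroed on backspace and on destruction). The class name, its capacity and its methods are hypothetical, and it does not lock its memory against swapping.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
// Hypothetical PasswordBuffer: fixed storage, non-copyable, wiped on destruction.
class PasswordBuffer {
public:
    static constexpr std::size_t Capacity = 256;
    PasswordBuffer() : len_(0) { std::memset(buf_, 0, sizeof buf_); }
    ~PasswordBuffer() { wipe(); }
    PasswordBuffer(const PasswordBuffer &) = delete;
    PasswordBuffer &operator=(const PasswordBuffer &) = delete;
    // Append one Unicode code point as UTF-8; false if invalid or full.
    bool append(std::uint32_t cp) {
        unsigned char e[4]; std::size_t n;
        if (cp < 0x80) { e[0] = cp; n = 1; }
        else if (cp < 0x800) { e[0] = 0xC0 | (cp >> 6); e[1] = 0x80 | (cp & 0x3F); n = 2; }
        else if (cp < 0x10000) {
            if (cp >= 0xD800 && cp <= 0xDFFF) return false;  // lone surrogate
            e[0] = 0xE0 | (cp >> 12); e[1] = 0x80 | ((cp >> 6) & 0x3F);
            e[2] = 0x80 | (cp & 0x3F); n = 3;
        } else if (cp <= 0x10FFFF) {
            e[0] = 0xF0 | (cp >> 18); e[1] = 0x80 | ((cp >> 12) & 0x3F);
            e[2] = 0x80 | ((cp >> 6) & 0x3F); e[3] = 0x80 | (cp & 0x3F); n = 4;
        } else return false;
        if (len_ + n >= Capacity) return false;  // keep room for the NUL
        std::memcpy(buf_ + len_, e, n);
        len_ += n; buf_[len_] = 0;
        return true;
    }
    // Backspace: remove the last whole code point, zeroing its bytes.
    void chop() {
        while (len_ > 0) {
            unsigned char b = buf_[--len_];
            buf_[len_] = 0;
            if ((b & 0xC0) != 0x80) break;  // reached the lead byte
        }
    }
    // Overwrite through a volatile pointer so the stores are not optimised out.
    void wipe() {
        volatile unsigned char *p = buf_;
        for (std::size_t i = 0; i < Capacity; ++i) p[i] = 0;
        len_ = 0;
    }
    const char *data() const { return reinterpret_cast<const char *>(buf_); }
    std::size_t size() const { return len_; }
private:
    unsigned char buf_[Capacity];
    std::size_t len_;
};
```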