KPasswordDialog / KPasswordEdit

Daniel Molkentin molkentin at kde.org
Sat Jan 14 15:47:41 GMT 2006


Hello lib cleaners and security paranoids,

Today I was looking through the TODO file as proposed by David and found the 
following two entries:

- kpassdlg.h needs to be renamed to kpassworddialog.h - consistent with other 
classes (it won't break many apps). The class needs a facelift - see the 
comments in kpassdlg.{h,cpp}
  (Frans)

- Replace KPasswordEdit with KLineEdit and adjust KPasswordDialog accordingly.
  (Waldo)

The first one happened already, thanks to Laurent. The second one is a bit 
trickier and I need a bit of advice on the following points:

1) The class still uses char*. Probably the reason is simply historic. I also 
remember a discussion about QString not considered secure enough for this job 
since QString's shared buffers are not drawn from non-swappable memory. 
However, this is a non-argument as long as we keep using KLineEdits. I am 
also not confident that KPasswordLineEdit (still) lives up to those 
expectations (I didn't really audit the class since I do not feel qualified in 
any way). Still I think this whole discussion about non-shareable passwords 
looked to me like securing the doors of a blown up house (I remember such a 
statement from the original discussions).

Suggestion: Either get rid of char* use and ignore the problem as negligible, 
or find someone who audits this class properly for Qt 4. The silver bullet 
would be to check what it takes to make QSharedData and thus QString
use non-swappable memory, so we could just use QString or a derived class
to handle passwords and other sensitive data in the future.

2) KPasswordEdit has different kinds of echo modes (no echo, one star, three 
stars). I never used them. Removing that "feature" would also allow us to get 
rid of one dedicated kcontrol module (!). Finally, it doesn't respect 
QStyle::SH_LineEdit_PasswordCharacter for drawing the password chars,
but will simply print asterisks.

Suggestion: remove feature or move it to KLineEdit. What would you prefer?

3) I'd really like to get rid of KPasswordEdit, it's fairly old and has no 
way of benefiting from the features in KLineEdit. Therefore I'd like to move 
it into kde3support, decoupling KPasswordDialog from using it.

Cheers,
  Daniel
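
Added example, not part of the original message and not KDE or Qt code: a sketch of what "non-swappable, non-shared" password storage from point 1 means on a POSIX system. The class name `LockedSecret` and its methods are hypothetical. It covers only the storage side and does nothing about copies a line-edit widget makes before the characters arrive.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>

// Hypothetical helper: fixed-capacity secret buffer in its own page-aligned
// mapping, never implicitly shared or copied, wiped before it is unmapped.
class LockedSecret {
public:
    explicit LockedSecret(std::size_t capacity) {
        const std::size_t page = static_cast<std::size_t>(sysconf(_SC_PAGESIZE));
        mapLen_ = ((capacity + page - 1) / page) * page;
        void *p = mmap(nullptr, mapLen_, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) { mapLen_ = 0; return; }
        data_ = static_cast<char *>(p);
        capacity_ = capacity;
        // mlock() can fail (e.g. RLIMIT_MEMLOCK); callers must check isLocked().
        locked_ = (mlock(data_, mapLen_) == 0);
    }
    ~LockedSecret() {
        if (!data_) return;
        wipe();
        if (locked_) munlock(data_, mapLen_);
        munmap(data_, mapLen_);
    }
    LockedSecret(const LockedSecret &) = delete;            // no copies, so
    LockedSecret &operator=(const LockedSecret &) = delete; // no shared buffers
    bool isValid() const { return data_ != nullptr; }
    bool isLocked() const { return locked_; }
    std::size_t size() const { return size_; }
    const char *data() const { return data_; }
    // Append one typed character; refuses instead of reallocating, because a
    // growing buffer would leave stale copies behind in unlocked heap memory.
    bool append(char c) {
        if (!data_ || size_ >= capacity_) return false;
        data_[size_++] = c;
        return true;
    }
    // Overwrite through a volatile pointer so the stores are not optimised away.
    void wipe() {
        volatile char *p = data_;
        for (std::size_t i = 0; i < mapLen_; ++i) p[i] = 0;
        size_ = 0;
    }
private:
    char *data_ = nullptr;
    std::size_t capacity_ = 0, size_ = 0, mapLen_ = 0;
    bool locked_ = false;
};
```

A failed `mlock()` leaves the buffer usable but swappable, so code that depends on the guarantee has to check `isLocked()` rather than assume it.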