KPasswordDialog / KPasswordEdit
Olivier Goffart
ogoffart at kde.org
Sat Jan 14 16:46:22 GMT 2006
Le Samedi 14 Janvier 2006 16:47, Daniel Molkentin a écrit :
> 1) The class still uses char*. Probably the reasons is simply historic. I
> also remember a discussion about QString not considered secure enough for
> this job since QString's shared buffers are not drawn from non-swappable
> memory. However, this is a non-argument as long as we keep using
> KLineEdits. I am also not confident that KPasswordLineEdit (still) lives up
> to those expectations (I didn't really audit the class since I feel not
> qualified in any way). Still I think this whole discussion about
> non-shareable passwords looked to me like securing the doors of a blown up
> house (I remember such a statement from the original discussions).
I personally think most password are not concerned by this issue, most of
password will be treated internally in the program with QString.
So IMO, this class should be an easy to use class, with just the minimum
security.
KPasswordDialog is currently not really usable in most case. there are some
things that should be added
- An (optional) check box "remember password" and eventually an automatic
integration with KWallet
- Eventually also add a line edit for the login.
The automatic integration with KWallet could be done like the "don't show
again" checkbox in KMessageBox, just by passing a kwallet key to the
function.
> 2) KPasswordEdit has different kinds of echo modes. (no echo, one star,
> three stars). I never used them. removing that "feature" would also allow
> to get rid of one dedicated kcontrol module (!).
I know several person that use no echo at all.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060114/61d4a83c/attachment.sig>
More information about the kde-core-devel
mailing list