KPasswordDialog / KPasswordEdit
Waldo Bastian
bastian at kde.org
Sat Jan 14 22:55:22 GMT 2006
On Saturday 14 January 2006 07:47, Daniel Molkentin wrote:
> Hello lib cleaners and security paranoids,
>
> Today I was looking through the TODO file as proposed by David and found
> the following two entries:
>
> - kpassdlg.h needs to be renamed to kpassworddialog.h - consistent with
> other classes(it won't break many apps). The class needs a facelift - see
> the comments in kpassdlg.{h,cpp}
> (Frans)
>
> - Replace KPasswordEdit with KLineEdit and adjust KPasswordDialog
> accordingly. (Waldo)
>
> The first one happened already, thanks to Laurent. The second one is a bit
> trickier and I need a bit of advise on the following points:
>
> 1) The class still uses char*. Probably the reasons is simply historic. I
> also remember a discussion about QString not considered secure enough for
> this job since QString's shared buffers are not drawn from non-swappable
> memory. However, this is a non-argument as long as we keep using
> KLineEdits. I am also not confident that KPasswordLineEdit (still) lives up
> to those expectations (I didn't really audit the class since I feel not
> qualified in any way). Still I think this whole discussion about
> non-shareable passwords looked to me like securing the doors of a blown up
> house (I remember such a statement from the original discussions).
>
> Suggestion: Either get rid of char* use and ignore the problem as
> neglectable, or find someone who audits this class properly for Qt 4. The
> silver bullet would be to check what it takes to make QSharedData and thus
> QString to use non-swapable memory, so we could just use QString or a
> derived class to handle passwords and other sensitive data in the future.
I don't think it's worth the trouble.
> 2) KPasswordEdit has different kinds of echo modes. (no echo, one star,
> three stars). I never used them. removing that "feature" would also allow
> to get rid of one dedicated kcontrol module (!). Finally, it doesn't
> respect QStyle::SH_LineEdit_PasswordCharacter for drawing the password
> chars, but will simply print asterisks.
I don't think its worth keeping this feature. QLineEdit allows "No Echo" and
"Password". Keeping the ability to select "No Echo" would be nice, but I
think, it is sufficient if you can do that via a config file or maybe
kiosktool, no need for a control module in the control center IMHO.
Cheers,
Waldo
> 3) I'd really like to get rid of KPasswordEdit, it's fairly old that has no
> way of benefiting from the features in KLineEdit. Therefore I'd like to
> move it into kde3support, decoupling KPasswordDialog from using it.
>
> Cheers,
> Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060114/136fac57/attachment.sig>
More information about the kde-core-devel
mailing list