D12539: Klipper: Do not insert secret data into history
Robert Hoffmann
noreply at phabricator.kde.org
Thu Apr 26 10:41:44 UTC 2018
hoffmannrobert created this revision.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.
hoffmannrobert requested review of this revision.
REVISION SUMMARY
Password manager tools like Keepassx offer an option to clear
the clipboard/selection after some time, e.g. 10 seconds,
after the password was copied to the clipboard. This works fine,
but unfortunately the password isn't removed from Klipper's
history. This is a great security risk, which may make the use
of password managers impossible.
This patch changes Klipper::applyClipChanges(const QMimeData* clipData)
where clipboard data is inserted into history. If the data has an
additional mime type 'x-kde-passwordManagerHint', it is not inserted
into history.
For this to work as designed, password managers should add the
additional mime type 'x-kde-passwordManagerHint' to the mimeData
like following when copying a password to the clipboard:
QMimeData* mimeDataClipboard = new QMimeData();
const QString secretStr = "secret";
QByteArray secretBa = secretStr.toUtf8();
mimeDataClipboard->setText(password); // this is the password to copy
mimeDataClipboard->setData("x-kde-passwordManagerHint", secretBa);
clipboard->setMimeData(mimeDataClipboard, QClipboard::Clipboard);
if (clipboard->supportsSelection()) {
// we cannot use the same QMimedata, it's already owned by clipboard
QMimeData* mimeDataSelection = new QMimeData();
mimeDataSelection->setText(password); // this is the password to copy
mimeDataSelection->setData("x-kde-passwordManagerHint", secretBa);
clipboard->setMimeData(mimeDataSelection, QClipboard::Selection);
}
REPOSITORY
R120 Plasma Workspace
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D12539
AFFECTED FILES
klipper/klipper.cpp
To: hoffmannrobert
Cc: plasma-devel, ragreen, Pitel, ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20180426/a1ea8098/attachment-0001.html>
More information about the Plasma-devel
mailing list