[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: new widgets...
From:       Alexander Kellett <lypanov () kde ! org>
Date:       2002-09-26 13:32:33
[Download RAW message or body]

On Thu, Sep 26, 2002 at 09:19:00AM -0400, Pupeno wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Thursday 26 September 2002 05:23, Thomas Zander wrote:
> > > - KPasswordEdit: the api of this widget is rather poor returning a const
> > > char* of the typed password (should it be a QString or something like
> > > that ?) and there's not setPassword function.
> >
> > Returning a pointer to the string as typed by the user is the only way to
> > make sure minimal copying and therefor maximum security can be reached.
> > Please don't change that.
> I imagined that the use of a char was for security reasons... but, what would 
> happen with passwords containing unicode chars ?
> Is still a setPassword(const char*?) method a bad idea ?

anyways, if we are so security concious why don't we also do a mlock?

Alex (who's just starting reading too many man pages on his system)
[prev in list] [next in list] [prev in thread] [next in thread]