From kde-core-devel  Fri Nov 05 00:19:21 2004
From: Brad Hards <bradh () frogmouth ! net>
Date: Fri, 05 Nov 2004 00:19:21 +0000
To: kde-core-devel
Subject: Re: KPasswordDialog
Message-Id: <200411051119.27475.bradh () frogmouth ! net>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=109961401230614
MIME-Version: 1
Content-Type: multipart/mixed; boundary="--nextPart1279526.CJiSnIyN6s"

--nextPart1279526.CJiSnIyN6s
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Fri, 5 Nov 2004 11:06 am, Ingo Kl=C3=B6cker wrote:
> The other threat is that passwords are written to the swap partition.
> This can only be countered by using mlock'ed char* memory. mlocking
> QString is impossible (unless you or Qt writes QSecureString).
QCA 2 will have a QSecureArray, which uses mlock() if available, else uses=
=20
mmap to a file which is then unlinked, and overwritten on exit.
See=20
http://webcvs.kde.org/cgi-bin/cvsweb.cgi/kdesupport/qca/src/qca_tools.cpp?r=
ev=3D1.12;content-type=3Dtext%2Fx-cvsweb-markup
for the implementation.

Brad

--nextPart1279526.CJiSnIyN6s
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBiscPGwwszQ/PZzgRAmWHAJ9u6NGZ/4M+WNoD9dl9zvwiVheKDACeJ1Lw
Qaq5BbtiXBgp7kdjGf6noxg=
=uGk9
-----END PGP SIGNATURE-----

--nextPart1279526.CJiSnIyN6s--