[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KPasswordDialog
From:       Brad Hards <bradh () frogmouth ! net>
Date:       2004-11-05 0:19:21
Message-ID: 200411051119.27475.bradh () frogmouth ! net
[Download RAW message or body]


On Fri, 5 Nov 2004 11:06 am, Ingo Klöcker wrote:
> The other threat is that passwords are written to the swap partition.
> This can only be countered by using mlock'ed char* memory. mlocking
> QString is impossible (unless you or Qt writes QSecureString).
QCA 2 will have a QSecureArray, which uses mlock() if available, else uses 
mmap to a file which is then unlinked, and overwritten on exit.
See 
http://webcvs.kde.org/cgi-bin/cvsweb.cgi/kdesupport/qca/src/qca_tools.cpp?rev=1.12;content-type=text%2Fx-cvsweb-markup
 for the implementation.

Brad


[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]