[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Password checking API
From:       Luis Pedro Coelho <luis_pedro () netcabo ! pt>
Date:       2001-10-03 17:46:02
[Download RAW message or body]

Em Terça, 2 de Outubro de 2001 12:37, Michael Goffioul escreveu:
> bool checkPassword(const QString& user, const QString& password)
> {
>   QString exe = KStandardDirs::findExe( "kcheckpass" );
>   if ( exe.isEmpty() )
>     return false;
>   QString cmd = QString::fromLatin1("echo '%1' | %2 -U %3")
>                                  .arg(password)
>                                  .arg(exe)
>                                  .arg(user);
>   return (system(cmd.latin1()) == 0);
> }

Isn't this dangerous?
By continuously checking the running processes I might pick up some users 
password from the "echo password"

The only way would be to execute the kcheckpass program with an open stdin 
and write our supposed password there. I don't recall how one does it with 
KProcess but it is possible.

hth,
-- 
Luis Pedro Coelho.

Check out my game of Hearts, a card game, for KDE at:
http://hearts.sourceforge.net/
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]