[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Password checking API
From: Luis Pedro Coelho <luis_pedro () netcabo ! pt>
Date: 2001-10-03 17:46:02
[Download RAW message or body]
Em Terça, 2 de Outubro de 2001 12:37, Michael Goffioul escreveu:
> bool checkPassword(const QString& user, const QString& password)
> {
> QString exe = KStandardDirs::findExe( "kcheckpass" );
> if ( exe.isEmpty() )
> return false;
> QString cmd = QString::fromLatin1("echo '%1' | %2 -U %3")
> .arg(password)
> .arg(exe)
> .arg(user);
> return (system(cmd.latin1()) == 0);
> }
Isn't this dangerous?
By continuously checking the running processes I might pick up some users
password from the "echo password"
The only way would be to execute the kcheckpass program with an open stdin
and write our supposed password there. I don't recall how one does it with
KProcess but it is possible.
hth,
--
Luis Pedro Coelho.
Check out my game of Hearts, a card game, for KDE at:
http://hearts.sourceforge.net/
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic