
List:       kde-devel
Subject:    Re: Password checking API
From:       Rik Hemsley <rik () kde ! org>
Date:       2001-10-03 18:20:38

#if Luis Pedro Coelho
> On Tuesday, 2 October 2001 12:37, Michael Goffioul wrote:
> > bool checkPassword(const QString& user, const QString& password)
> > {
> >   QString exe = KStandardDirs::findExe( "kcheckpass" );
> >   if ( exe.isEmpty() )
> >     return false;
> >   QString cmd = QString::fromLatin1("echo '%1' | %2 -U %3")
> >                                  .arg(password)
> >                                  .arg(exe)
> >                                  .arg(user);
> >   return (system(cmd.latin1()) == 0);
> > }
> 
> Isn't this dangerous?
> By continuously checking the running processes I might pick up some user's 
> password from the "echo password".

Yes, looks dangerous to me.

> The only way would be to execute the kcheckpass program with an open stdin 
> and write our supposed password there. I don't recall how one does it with 
> KProcess but it is possible.

That would be the correct solution.

Rik
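
The approach discussed in this message (start the checker with a pipe on its stdin and write the password there), sketched with plain POSIX calls rather than KProcess. This is an added example, not code from the thread or from KDE; the function name and the newline terminator are assumptions.

```cpp
#include <cerrno>
#include <csignal>
#include <string>
#include <vector>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Added example, not KDE code. Runs args[0] with args[1..] and writes `secret`
// plus a newline to its stdin, so the secret never appears in any command line.
// The trailing newline is an assumption about how the checker reads its input.
// Returns the child's exit status, or -1 on failure.
int runWithSecretOnStdin(const std::vector<std::string>& args, const std::string& secret)
{
    if (args.empty()) return -1;
    std::vector<char*> argv;
    for (const std::string& a : args) argv.push_back(const_cast<char*>(a.c_str()));
    argv.push_back(nullptr);

    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          // child: read end becomes stdin
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) < 0) _exit(127);
            close(fds[0]);
        }
        execv(argv[0], argv.data());         // direct exec: no shell, no echo
        _exit(127);                          // exec failed
    }
    close(fds[0]);                           // parent keeps only the write end
    signal(SIGPIPE, SIG_IGN);                // process-wide: early child exit gives EPIPE
    const std::string line = secret + "\n";
    size_t off = 0;
    bool ok = true;
    while (ok && off < line.size()) {
        ssize_t n = write(fds[1], line.data() + off, line.size() - off);
        if (n > 0) off += static_cast<size_t>(n);
        else if (n < 0 && errno == EINTR) continue;
        else ok = false;
    }
    close(fds[1]);                           // EOF: input is complete
    int status = 0;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    if (!ok || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

A caller in the position of the quoted `checkPassword()` would pass the path returned by `KStandardDirs::findExe( "kcheckpass" )`, then `-U` and the user name as separate arguments, and compare the result with 0.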

 