[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Password checking API
From: Rik Hemsley <rik () kde ! org>
Date: 2001-10-03 18:20:38
[Download RAW message or body]
#if Luis Pedro Coelho
> Em Terça, 2 de Outubro de 2001 12:37, Michael Goffioul escreveu:
> > bool checkPassword(const QString& user, const QString& password)
> > {
> > QString exe = KStandardDirs::findExe( "kcheckpass" );
> > if ( exe.isEmpty() )
> > return false;
> > QString cmd = QString::fromLatin1("echo '%1' | %2 -U %3")
> > .arg(password)
> > .arg(exe)
> > .arg(user);
> > return (system(cmd.latin1()) == 0);
> > }
>
> Isn't this dangerous?
> By continuously checking the running processes I might pick up some users
> password from the "echo password"
Yes, looks dangerous to me.
> The only way would be to execute the kcheckpass program with an open stdin
> and write our supposed password there. I don't recall how one does it with
> KProcess but it is possible.
That would be the correct solution.
Rik
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic