Bugtraq mailing list archives

Re: Get paste kppp *'s


From: porten () KDE ORG (Harri Porten)
Date: Fri, 27 Aug 1999 01:12:19 +0200


Hi !

Tim Jones wrote:

> Well a lot of dial up tools do this put your password in *
> so you can let other people use your
> computer and dial up and they won't know what your password
> is..

Such usage is strongly discouraged. See below.

> But in kppp all you have to do to find out what's UNDER the *
> is just CUT and PASTE.. That's right..
> Just COPY the *'s and paste them to a term and you can see
> what their password is...

That's a bug in the password mode of the edit field appearing in Windows
Style. As from Qt 2.0 the behavior is corrected and therefore won't show
up in KDE 2.0 versions of kppp.

To work around this problem in KDE 1.x either

o switch your Desktop Style to Motif or
o apply the following patch:

--- main.cpp    1999/08/17 16:26:52     1.115.2.5
+++ main.cpp    1999/08/26 13:53:30
@@ -537,6 +537,7 @@
   l1->addWidget(PW_Label, 2, 1);

   PW_Edit= new QLineEdit(this);
+  PW_Edit->setStyle(MotifStyle);
   PW_Edit->setEchoMode(QLineEdit::Password);
   MIN_WIDTH(PW_Edit);
   FIXED_HEIGHT(PW_Edit);
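
Review bot: the added `PW_Edit->setStyle(MotifStyle);` line carries no comment explaining why this single widget is forced out of the desktop style, so a later cleanup could drop it and bring back the copy-and-paste disclosure from the password field. Suggest a one-line comment above the call saying that it works around the Windows Style password edit field in Qt before 2.0 and can be removed once kppp builds against Qt 2.0. Because the call is tied to PW_Edit only, it is also worth checking that no other QLineEdit in main.cpp is put into `QLineEdit::Password` echo mode without the same treatment.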
@@ -1228,6 +1229,17 @@
   AccountingBase::resetCosts(s);
 }
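
Review bot: this hunk is incomplete as posted. The header `@@ -1228,6 +1229,17 @@` announces 17 lines on the new side against 6 on the old, yet only the leading context around `AccountingBase::resetCosts(s);` is present and no `+` lines follow, so the patch will not apply as it stands and the change at this location cannot be reviewed. Please resend the hunk with its added lines and trailing context.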

A more elegant fix (in terms of _not_ breaking the visual appearance)
has been applied to the CVS (kppp 1.6.22) and will be present in KDE
1.1.2.

> I am not sure if this is a problem or what.. But there is no
> reason to have the *'s if they are
> so easy to get past...

Even with the pasting bug corrected it's still not recommended to set up
*your* account for someone else. The asterisks are merely a simple means
to visually hide what is being typed. Someone with access to your
account or being in possession of your PPP login configuration will
always be able to snatch sensitive data in one way or the other.
There's always the option of not checking the "Store password" option
btw.

Harri.

