https://bugs.kde.org/show_bug.cgi?id=156547
--- Comment #12 from Ricardo J. Barberis <[email protected]> --- Hello! (In reply to michaelk83 from comment #11) > As discussed in the MR ( > https://invent.kde.org/utilities/kwalletmanager/-/merge_requests/ > 46#note_1146725 ), there are two parts to this: > 1. On KWallet's side, it absolutely *should* tell Klipper that "this is a > password", so that Klipper can tell that it's sensitive. > 2. On Klipper's end, it's up to Klipper to decide what to do with that > information, such as: > - Hide it / not hide it / use asterisks / etc. > - Avoid saving it to its history list, or worse, to disk. > - Delete it (or not) after some timeout. When I saw the email from this bug I realized that a collaborative password manager I use at work actually does that: every password you copy from it automatically vanishes from klipper in 30 seconds. I didn't know this was possible but it's a very nice way of managing these cases. > Preventing plaint-text passwords from ending up on disk, or even staying in > memory longer than necessary, is not just a "false sense of security". But > that's up to Klipper. Agreed in principle, but in this case IMHO it *is* a false sense of security (or worse even) because the password actually *remains in memory* and pastable. But as you say below, it's not something that Kwallet should deal with. > This bug report is for the KWallet side, and was RESOLVED FIXED with the > above MR. For changes to Klipper's behavior, please file a separate issue, > if one hasn't been filed yet. Agreed, I intended to open a follow up with Klipper but life got in the way and I never did (and I guess I'm not using kwallet much these days). Thank you for your insights, much appreciated! -- You are receiving this mail because: You are watching all bug changes.
