Summary: | Passwords copied from kwalletmanager should not appear in klipper | ||
---|---|---|---|
Product: | [Applications] kwalletmanager | Reporter: | Martin Flöser <mgraesslin> |
Component: | general | Assignee: | Unknown <null> |
Status: | RESOLVED FIXED | ||
Severity: | wishlist | CC: | 4wy78uwh, andrew.crouthamel, g111, germano.massullo, mail, mk.mateng, nate, ricardo, valir |
Priority: | NOR | Keywords: | triaged |
Version First Reported In: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Ubuntu | ||
OS: | Linux | ||
See Also: | https://bugs.kde.org/show_bug.cgi?id=470123 https://bugs.kde.org/show_bug.cgi?id=505596 https://bugs.kde.org/show_bug.cgi?id=508326 | ||
Latest Commit: | https://invent.kde.org/utilities/kwalletmanager/-/commit/405fd580dcb1f02101d785714ec4f89309559bf3 | Version Fixed In: | 24.08.0 |
Sentry Crash Report: |
Description
Martin Flöser
2008-01-24 13:52:57 UTC
Maybe it would be a good idea to have the possibility for deleting a klipper entry by pressing "del"-key on active entry?

When you copy the password to the clipboard, then klipper would definitely show it. The copy/paste method is not secure in a general manner. Perhaps using mime types would help implement some filtering in klipper, but then you'll no longer be able to paste your password where you wanted. Or perhaps we should implement g111 suggestion.

> When you copy the password to the clipboard, then klipper would definitely
> show it. The copy/paste method is not secure in a general manner. Perhaps
> using mime types would help implement some filtering in klipper, but then
> you'll no longer be able to paste your password where you wanted. Or
> perhaps we should implement g111 suggestion.
We should keep this in mind for Wayland. I expect that somehow Klipper needs
to integrate in KWin and then we could define a mime type/secure flag which
gets filtered directly in KWin to not be passed to Klipper in the first place.

Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!

Being able to remove an entry from the klipper history by pressing the DEL key still was a good idea. In case of passwords it would be a manual workaround for this case. I'll change this to Reported.

See Bug 458063 comment 1:
> klipper does have a mechanism supported by some password managers where we filter
> out any selection which contains a mimetype key application/x-kde-passwordManagerHint

KWallet needs to set the `application/x-kde-passwordManagerHint` mime type when copying passwords.

Git commit 405fd580dcb1f02101d785714ec4f89309559bf3 by Weng Xuetian.
Committed on 01/06/2024 at 08:19.
Pushed by xuetianweng into branch 'master'.

Add x-kde-passwordManagerHint when copy from kwalletmanager

The change includes:
1. copy from editor widget (override createMimeDataFromSelection)
2. copy action in the context menu/hot key

M +4 -0 src/manager/CMakeLists.txt
A +27 -0 src/manager/clipboardutils.cpp [License: GPL(v2.0+)]
A +16 -0 src/manager/clipboardutils.h [License: GPL(v2.0+)]
M +2 -2 src/manager/kwalleteditor.cpp
M +10 -0 src/manager/kwhexview.cpp
M +1 -0 src/manager/kwhexview.h
M +2 -2 src/manager/kwmapeditor.cpp
A +24 -0 src/manager/kwtextedit.cpp [License: GPL(v2.0+)]
A +24 -0 src/manager/kwtextedit.h [License: GPL(v2.0+)]
M +6 -1 src/manager/walletwidget.ui

https://invent.kde.org/utilities/kwalletmanager/-/commit/405fd580dcb1f02101d785714ec4f89309559bf3

Can this be reverted/deactivated?

Seriously, I prefer 1000 times to have my passwords visible on klipper and delete them by hand than not seeing them in klipper and believe I have something innocuous and paste my password on a random website by accident.

I don't really see the point of this change IMHO, it only seems to provide a false sense of security.

(In reply to Ricardo J. Barberis from comment #9)
> Seriously, I prefer 1000 times to have my passwords visible on klipper and
> delete them by hand than not seeing them in klipper and believe I have
> something innocuous and paste my password on a random website by accident.

In case someone tackles this, I'd suggest the following:
- make this behavior configurable
- provide 3 modes:
  - don't show passwords/secrets
  - show them obscured, but with the option to "reveal" them (just like it's done in many password dialogs)
  - don't hide them in any way

It should default to hide or at least obscure them, while enabling to always show them should display an inline-warning.

When using the function to reveal a password, it should revert to obscured:
- after a certain timeout
- when the screen is locked
- when the Klipper applet loses focus/is hidden

As discussed in the MR ( https://invent.kde.org/utilities/kwalletmanager/-/merge_requests/46#note_1146725 ), there are two parts to this:
1. On KWallet's side, it absolutely *should* tell Klipper that "this is a password", so that Klipper can tell that it's sensitive.
2. On Klipper's end, it's up to Klipper to decide what to do with that information, such as:
   - Hide it / not hide it / use asterisks / etc.
   - Avoid saving it to its history list, or worse, to disk.
   - Delete it (or not) after some timeout.

Preventing plain-text passwords from ending up on disk, or even staying in memory longer than necessary, is not just a "false sense of security". But that's up to Klipper.

This bug report is for the KWallet side, and was RESOLVED FIXED with the above MR. For changes to Klipper's behavior, please file a separate issue, if one hasn't been filed yet.

Hello!

(In reply to michaelk83 from comment #11)
> As discussed in the MR (
> https://invent.kde.org/utilities/kwalletmanager/-/merge_requests/46#note_1146725
> ), there are two parts to this:
> 1. On KWallet's side, it absolutely *should* tell Klipper that "this is a
> password", so that Klipper can tell that it's sensitive.
> 2. On Klipper's end, it's up to Klipper to decide what to do with that
> information, such as:
> - Hide it / not hide it / use asterisks / etc.
> - Avoid saving it to its history list, or worse, to disk.
> - Delete it (or not) after some timeout.

When I saw the email from this bug I realized that a collaborative password manager I use at work actually does that: every password you copy from it automatically vanishes from klipper in 30 seconds. I didn't know this was possible but it's a very nice way of managing these cases.

> Preventing plain-text passwords from ending up on disk, or even staying in
> memory longer than necessary, is not just a "false sense of security". But
> that's up to Klipper.

Agreed in principle, but in this case IMHO it *is* a false sense of security (or worse even) because the password actually *remains in memory* and pastable. But as you say below, it's not something that Kwallet should deal with.

> This bug report is for the KWallet side, and was RESOLVED FIXED with the
> above MR. For changes to Klipper's behavior, please file a separate issue,
> if one hasn't been filed yet.

Agreed, I intended to open a follow up with Klipper but life got in the way and I never did (and I guess I'm not using kwallet much these days).

Thank you for your insights, much appreciated!

(In reply to Ricardo J. Barberis from comment #9)
> I prefer 1000 times to have my passwords visible on klipper and delete them
> by hand than not seeing them in klipper and believe I have something
> innocuous and paste my password on a random website by accident.

I agree. I consider this to be less secure. I should know when a password is in Klipper.

> > This bug report is for the KWallet side, and was RESOLVED FIXED with the
> > above MR. For changes to Klipper's behavior, please file a separate issue,
> > if one hasn't been filed yet.
>
> Agreed, I intended to open a follow up with Klipper but life got in the way
> and I never did (and I guess I'm not using kwallet much these days).

Luckily, https://bugs.kde.org/show_bug.cgi?id=508326#c2 already suggests this.
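
A small model of the behaviour debated in this thread, added here as an illustration and not taken from Klipper or KWallet: a copy flagged with the hint is kept out of the history, remains pastable, and is cleared after a timeout like the 30-second behaviour one commenter describes. `ClipboardModel`, the hint value `"secret"` and the TTL parameter are assumptions of this example.

```cpp
// Added illustration: a std-only model of a clipboard history, not Klipper code.
#include <iostream>
#include <map>
#include <string>
#include <vector>

// One clipboard offer: MIME type -> payload, as the source application publishes it.
using Offer = std::map<std::string, std::string>;

// Key from the commit message above; the value "secret" is this model's assumption.
const std::string kHintKey = "x-kde-passwordManagerHint";
const std::string kHintValue = "secret";

bool isSensitive(const Offer& o) {
    auto it = o.find(kHintKey);
    return it != o.end() && it->second == kHintValue;
}

struct ClipboardModel {
    Offer current;                     // what a paste delivers right now
    std::vector<std::string> history;  // what the history applet would list
    long expiresAt = -1;               // hypothetical auto-clear deadline, -1 = none
    void copy(const Offer& o, long now, long secretTtl) {
        current = o;
        expiresAt = -1;
        if (isSensitive(o)) {
            expiresAt = now + secretTtl;  // flagged: skip history, schedule a clear
        } else if (o.count("text/plain")) {
            history.push_back(o.at("text/plain"));
        }
    }
    void tick(long now) {  // called periodically with the current time in seconds
        if (expiresAt >= 0 && now >= expiresAt) { current.clear(); expiresAt = -1; }
    }
    std::string paste() const {
        auto it = current.find("text/plain");
        return it == current.end() ? std::string() : it->second;
    }
};

int main() {
    ClipboardModel cb;
    cb.copy({{"text/plain", "meeting notes"}}, 0, 30);
    cb.copy({{"text/plain", "constructed-pw"}, {kHintKey, kHintValue}}, 5, 30);
    std::cout << "history size: " << cb.history.size() << "\n";   // flagged copy absent
    std::cout << "paste at t=10: " << cb.paste() << "\n";          // still pastable
    cb.tick(35);
    std::cout << "paste at t=35: '" << cb.paste() << "'\n";        // cleared
}
```

Between the copy and the timeout the flagged entry is invisible in the history yet still pasted, which is the gap the later comments argue about.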