Bug 156547 - Passwords copied from kwalletmanager should not appear in klipper
Summary: Passwords copied from kwalletmanager should not appear in klipper
Status: CONFIRMED
Alias: None
Product: kwalletmanager
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Ubuntu Linux
: NOR wishlist
Target Milestone: ---
Assignee: Unknown
URL:
Keywords: triaged
Depends on:
Blocks:
 
Reported: 2008-01-24 13:52 UTC by Martin Flöser
Modified: 2024-03-24 15:09 UTC (History)
6 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Flöser 2008-01-24 13:52:57 UTC 
Version:            (using KDE 4.0.0)
Installed from:    Ubuntu Packages
OS:                Linux

I noticed that if I copy a password in kwalletmanager the password will appear in klipper. I don't like this behaviour. I think it is OK to copy from kwalletmanager, but the password should not appear in klipper. This is in my opinion a security problem. You only have to click on klipper to see possible passwords.
Comment 1 g111 2009-06-07 16:33:21 UTC 
Maybe it would be a good idea to have the possibility for deleting an klipper entry by pressing "del"-key on active entry?
Comment 2 Valentin Rusu 2013-09-03 22:25:39 UTC 
When you copy the password to the clipboard, then klipper would definitely show it. The copy/paste method is not secure in a general manner. Perhaps using mime types would help implement some filtering in klipper, but then you'll no longer be able to paste your password where you wanted. Or perhaps we should implement g111 suggestion.
Comment 3 Martin Flöser 2013-09-06 12:37:50 UTC 
> When you copy the password to the clipboard, then klipper would definitely
> show it. The copy/paste method is not secure in a general manner. Perhaps
> using mime types would help implement some filtering in klipper, but then
> you'll no longer be able to paste your password where you wanted. Or
> perhaps we should implement g111 suggestion.
We should keep this in mind for Wayland. I expect that somehow Klipper needs 
to integrate in KWin and then we could define a mime type/secure flag which 
gets filtered directly in KWin to not be passed to Klipper in the first place.
Comment 4 Andrew Crouthamel 2018-09-28 02:35:23 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 5 g111 2018-09-28 08:25:59 UTC 
Being able to remove an entry from the klipper history by pressing the DEL key still was a good idea. In case of passwords it would be a manual workaround for this case.
Comment 6 Andrew Crouthamel 2018-09-28 17:01:27 UTC 
I'll change this to Reported.
Comment 7 michaelk83 2022-09-06 10:46:27 UTC 
See Bug 458063 comment 1:
> klipper does have a mechanism supported by some password managers were we filter
> out any selection which contains a mimetype key application/x-kde-passwordManagerHint
KWallet needs to set the `application/x-kde-passwordManagerHint` mime type when copying passwords.