Bug 487359 - Allow option to exclude strings from Klipper's history
Status: RESOLVED INTENTIONAL
Alias: None
Product: plasmashell
Classification: Plasma
Component: Clipboard widget & pop-up
Version: master
Platform: Other Linux
Importance: NOR wishlist
Target Milestone: 1.0
Assignee: Plasma Bugs List
Reported: 2024-05-22 09:03 UTC by Roland Tapken
Modified: 2024-05-23 08:34 UTC

Description Roland Tapken 2024-05-22 09:03:24 UTC
SUMMARY

I have to use some legacy apps that don't have any password manager integration, so I have to use the clipboard to fill the password. Often I forget to remove the password from Klipper's history afterwards.

For this reason I would like to have a blacklist file where I can enter salted hashes for strings that should never ever be included in Klipper's history.


STEPS TO REPRODUCE
1. Use password manager to copy password into clipboard for legacy application
2. Forget to remove the entry from Klipper's history

OBSERVED RESULT

Klipper shows the clear text password in the history widget and even stores it on disk if configured to keep the history for the next session.

EXPECTED RESULT

Klipper matches the string with a list of blacklist hashes and ignores the value.

SOFTWARE/OS VERSIONS

all
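
The blocklist check requested in the description above, as an added example (not Klipper code and not written by the reporter). The `salt_hex:digest_hex` line format, the PBKDF2-HMAC-SHA256 parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; slows offline guessing of the file

def _digest(text, salt):
    return hashlib.pbkdf2_hmac("sha256", text.encode("utf-8"), salt, ITERATIONS)

def make_entry(secret, salt=None):
    """Return one blocklist line in the assumed 'salt_hex:digest_hex' format."""
    if salt is None:
        salt = os.urandom(16)
    return f"{salt.hex()}:{_digest(secret, salt).hex()}"

def parse_blocklist(text):
    """Parse blocklist text, skipping blanks, '#' comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        salt_hex, _, digest_hex = line.partition(":")
        try:
            salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        except ValueError:
            continue
        if salt and digest:
            entries.append((salt, digest))
    return entries

def is_blocked(clip, entries):
    """True if clip matches any entry. Every entry has its own salt, so the
    clipboard text is re-hashed once per entry: cost grows with the list."""
    hit = False
    for salt, digest in entries:
        # Constant-time compare, no early exit: timing does not show which entry matched.
        hit |= hmac.compare_digest(_digest(clip, salt), digest)
    return hit

def filter_history(items, entries):
    """Drop blocked strings before they reach the visible or on-disk history."""
    return [item for item in items if not is_blocked(item, entries)]

def demo():
    # Constructed sample data: a fake password and two ordinary clipboard strings.
    blocklist = "# secrets never to keep\n" + make_entry("Tr0ub4dor&3-constructed") + "\n"
    history = ["https://kde.org", "Tr0ub4dor&3-constructed", "meeting at 10"]
    return filter_history(history, parse_blocklist(blocklist))

if __name__ == "__main__":
    print(demo())
```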
Comment 1 Roland Tapken 2024-05-22 09:37:32 UTC
As an alternative approach, maybe it would be possible to create a "Copy to clipboard" method that marks the string as private and excludes it from Klipper (or other clipboard managers).
Comment 2 Nate Graham 2024-05-22 18:47:51 UTC
It's an interesting idea, but I'm afraid this isn't feasible. Such a technical feature would only be understood by the person who requested it (i.e. you) and would not have general applicability.

The problem of passwords getting remembered in Klipper when you don't want them to is real, but I'm afraid this isn't the right way to solve it.

The optimal solution would be for those apps to add the `x-kde-passwordManagerHint` mimetype hint for copied passwords. If the apps in question are open-source, you could even implement this yourself. If not, you can at least contact their support and request it.
Comment 3 Roland Tapken 2024-05-23 08:34:47 UTC
Hello Nate,

> It's an interesting idea, but I'm afraid this isn't feasible. Such a
> technical feature would only be understood by the person who requested it
> (i.e. you) and would not have general applicability.

It depends on the user interface. There is already an action menu that works with patterns. We could add a checkbox or a radio box "Secret string" to the menu and show it as "*******" in the interface when it is hashed, and add an action "remove from history".

> The optimal solution would be for those apps to add the
> `x-kde-passwordManagerHint` mimetype hint for copied passwords. If the apps
> in question are open-source, you could even implement this yourself. If not,
> you can at least contact their support and request it.

Thanks for the hint to this flag. It seems that at least for Bitwarden there is already such a feature request, but according to one comment it needs an extension of the Web API (https://github.com/bitwarden/clients/issues/1047#issuecomment-1097429744).