New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qt: askpassphrasedialog: Clear pass fields on accept #8073

Merged
merged 1 commit into from May 26, 2016

Conversation

Projects
None yet
5 participants
@JohnDolittle
Contributor

JohnDolittle commented May 19, 2016

This is usability improvement in a case if user gets re-asked
passphrase. (e.g. made a typo)

qt: askpassphrasedialog: Clear pass fields on accept
This is usability improvement in a case if user gets re-asked
passphrase. (e.g. made a typo)

@jonasschnelli jonasschnelli added the GUI label May 19, 2016

@jonasschnelli

This comment has been minimized.

Show comment
Hide comment
@jonasschnelli

jonasschnelli May 19, 2016

Member

Looks good. Thanks.
utACK 02ce2a3

Member

jonasschnelli commented May 19, 2016

Looks good. Thanks.
utACK 02ce2a3

@Tyler-Hardin

This comment has been minimized.

Show comment
Hide comment
@Tyler-Hardin

Tyler-Hardin May 19, 2016

Contributor

I kinda doubt the secure clear is useful. Wouldn't the QString that already contains the password be untouched and just deallocated?

Contributor

Tyler-Hardin commented May 19, 2016

I kinda doubt the secure clear is useful. Wouldn't the QString that already contains the password be untouched and just deallocated?

@Tyler-Hardin

This comment has been minimized.

Show comment
Hide comment
@Tyler-Hardin

Tyler-Hardin May 19, 2016

Contributor

Actually, QLineEdit::text isn't a const reference (most Qt properties are not writable), so you can zero the memory yourself. I would recommend directly zeroing the existing QString if you really want attempt to clear it securely.

Contributor

Tyler-Hardin commented May 19, 2016

Actually, QLineEdit::text isn't a const reference (most Qt properties are not writable), so you can zero the memory yourself. I would recommend directly zeroing the existing QString if you really want attempt to clear it securely.

@jonasschnelli

This comment has been minimized.

Show comment
Hide comment
@jonasschnelli

jonasschnelli May 20, 2016

Member

Cleansing the memory can help. But I think there are various cases where the UI framework leaves uncleaned copies somewhere in the ram.
I think the main use advantage of this PR is: https://github.com/bitcoin/bitcoin/pull/8073/files#diff-defede4762fd62a298bd8a0936cd3ed0R103 (the clear in AskPassphraseDialog::accept()).

Member

jonasschnelli commented May 20, 2016

Cleansing the memory can help. But I think there are various cases where the UI framework leaves uncleaned copies somewhere in the ram.
I think the main use advantage of this PR is: https://github.com/bitcoin/bitcoin/pull/8073/files#diff-defede4762fd62a298bd8a0936cd3ed0R103 (the clear in AskPassphraseDialog::accept()).

@arowser

This comment has been minimized.

Show comment
Hide comment
@arowser

arowser May 25, 2016

Contributor

Can one of the admins verify this patch?

Contributor

arowser commented May 25, 2016

Can one of the admins verify this patch?

@laanwj laanwj merged commit 02ce2a3 into bitcoin:master May 26, 2016

laanwj added a commit that referenced this pull request May 26, 2016

Merge #8073: qt: askpassphrasedialog: Clear pass fields on accept
02ce2a3 qt: askpassphrasedialog: Clear pass fields on accept (Pavel Vasin)

codablock added a commit to codablock/dash that referenced this pull request Sep 7, 2017

Merge #8073: qt: askpassphrasedialog: Clear pass fields on accept
02ce2a3 qt: askpassphrasedialog: Clear pass fields on accept (Pavel Vasin)

UdjinM6 added a commit to dashpay/dash that referenced this pull request Sep 9, 2017

Backport Bitcoin Qt/Gui changes up to 0.14.x part 2 (#1615)
* Merge #7506: Use CCoinControl selection in CWallet::FundTransaction

d6cc6a1 Use CCoinControl selection in CWallet::FundTransaction (João Barbosa)

* Merge #7732: [Qt] Debug window: replace "Build date" with "Datadir"

fc737d1 [Qt] remove unused formatBuildDate method (Jonas Schnelli)
4856f1d [Qt] Debug window: replace "Build date" with "Datadir" (Jonas Schnelli)

* Merge #7707: [RPC][QT] UI support for abandoned transactions

8efed3b [Qt] Support for abandoned/abandoning transactions (Jonas Schnelli)

* Merge #7688: List solvability in listunspent output and improve help

c3932b3 List solvability in listunspent output and improve help (Pieter Wuille)

* Merge #8006: Qt: Add option to disable the system tray icon

8b0e497 Qt: Add option to hide the system tray icon (Tyler Hardin)

* Merge #8073: qt: askpassphrasedialog: Clear pass fields on accept

02ce2a3 qt: askpassphrasedialog: Clear pass fields on accept (Pavel Vasin)

* Merge #8231: [Qt] fix a bug where the SplashScreen will not be hidden during startup

b3e1348 [Qt] fix a bug where the SplashScreen will not be hidden during startup (Jonas Schnelli)

* Merge #8257: Do not ask a UI question from bitcoind

1acf1db Do not ask a UI question from bitcoind (Pieter Wuille)

* Merge #8463: [qt] Remove Priority from coincontrol dialog

fa8dd78 [qt] Remove Priority from coincontrol dialog (MarcoFalke)

* Merge #8678: [Qt][CoinControl] fix UI bug that could result in paying unexpected fee

0480293 [Qt][CoinControl] fix UI bug that could result in paying unexpected fee (Jonas Schnelli)

* Merge #8672: Qt: Show transaction size in transaction details window

c015634 qt: Adding transaction size to transaction details window (Hampus Sjöberg)
 \-- merge fix for s/size/total size/
fdf82fb Adding method GetTotalSize() to CTransaction (Hampus Sjöberg)

* Merge #8371: [Qt] Add out-of-sync modal info layer

08827df [Qt] modalinfolayer: removed unused comments, renamed signal, code style overhaul (Jonas Schnelli)
d8b062e [Qt] only update "amount of blocks left" when the header chain is in-sync (Jonas Schnelli)
e3245b4 [Qt] add out-of-sync modal info layer (Jonas Schnelli)
e47052f [Qt] ClientModel add method to get the height of the header chain (Jonas Schnelli)
a001f18 [Qt] Always pass the numBlocksChanged signal for headers tip changed (Jonas Schnelli)
bd44a04 [Qt] make Out-Of-Sync warning icon clickable (Jonas Schnelli)
0904c3c [Refactor] refactor function that forms human readable text out of a timeoffset (Jonas Schnelli)

* Merge #8805: Trivial: Grammar and capitalization

c9ce17b Trivial: Grammar and capitalization (Derek Miller)

* Merge #8885: gui: fix ban from qt console

cb78c60 gui: fix ban from qt console (Cory Fields)

* Merge #8821: [qt] sync-overlay: Don't block during reindex

fa85e86 [qt] sync-overlay: Don't show estimated number of headers left (MarcoFalke)
faa4de2 [qt] sync-overlay: Don't block during reindex (MarcoFalke)

* Support themes for new transaction_abandoned icon

* Fix constructor call to COutput

* Merge #7842: RPC: do not print minping time in getpeerinfo when no ping received yet

62a6486 RPC: do not print ping info in getpeerinfo when no ping received yet, fix help (Pavel Janík)

* Merge #8918: Qt: Add "Copy URI" to payment request context menu

21f5a63 Qt: Add "Copy URI" to payment request context menu (Luke Dashjr)

* Merge #8925: qt: Display minimum ping in debug window.

1724a40 Display minimum ping in debug window. (R E Broadley)

* Merge #8972: [Qt] make warnings label selectable (jonasschnelli)

ef0c9ee [Qt] make warnings label selectable (Jonas Schnelli)

* Make background of warning icon transparent in modaloverlay

* Merge #9088: Reduce ambiguity of warning message

77cbbd9 Make warning message about wallet balance possibly being incorrect less ambiguous. (R E Broadley)

* Replace Bitcoin with Dash in modal overlay

* Remove clicked signals from labelWalletStatus and labelTransactionsStatus

As both are really just labels, clicking on those is not possible.
This is different in Bitcoin, where these labels are actually buttons.

* Pull out modaloverlay show/hide into it's own if/else block and switch to time based check

Also don't use masternodeSync.IsBlockchainSynced() for now as it won't
report the blockchain being synced before the first block (or other MN
data?) arrives. This would otherwise give the impression that sync is
being stuck.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment