[Interest] QML and sensitive data

Thiago Macieira thiago.macieira at intel.com
Thu Sep 5 00:32:18 CEST 2019

On Wednesday, 4 September 2019 14:46:09 PDT Alexander Ivash wrote:
> Is there any mechanism for cleanup sensitive data like passwords etc
> from QML? This issue is that gc() doesn't seem to even nullify memory
> (at least in release on Windows) so all the sensitive information
> stays in memory.

Write in C++ and manage your memory VERY carefully. Remember that memset() 
before free / delete or going out of scope is removed by the compiler.

Don't use new or malloc. Instead, mmap() your chunk of memory yourself and 
mlock() it properly. 

Of course, to display such information you need to accept that it is no longer 
secure. It'll go to QML, then to the text engines, then the pixels will be 
transferred to the display server or the GPU, etc.
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Interest mailing list