[Interest] QML and sensitive data
Thiago Macieira
thiago.macieira at intel.com
Thu Sep 5 00:32:18 CEST 2019
On Wednesday, 4 September 2019 14:46:09 PDT Alexander Ivash wrote:
> Is there any mechanism for cleanup sensitive data like passwords etc
> from QML? This issue is that gc() doesn't seem to even nullify memory
> (at least in release on Windows) so all the sensitive information
> stays in memory.
Write in C++ and manage your memory VERY carefully. Remember that memset()
before free / delete or going out of scope is removed by the compiler.
Don't use new or malloc. Instead, mmap() your chunk of memory yourself and
mlock() it properly.
Of course, to display such information you need to accept that it is no longer
secure. It'll go to QML, then to the text engines, then the pixels will be
transferred to the display server or the GPU, etc.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Interest
mailing list