[Interest] QML and sensitive data

Alexander Ivash elderorb at gmail.com
Thu Sep 5 01:20:44 CEST 2019


Thank you for the fast response, but my question is purely about QML. On
the C++ side I have a lot of ways of nullifying / erasing sensitive
information *after* it is not needed (let's say after a particular QML
screen gets closed). But on the QML / JS side I have no control at
all. It would be great if one of the QML guys could step in and comment too.

Here is a small example illustrating my issue (all I need is to make
'Piter Pen' disappear from memory dumps):

<main.qml>

import QtQuick 2.12
import QtQuick.Window 2.12

Window {
    visible: true
    width: 640
    height: 480
    title: qsTr("Hello World")

    Component.onCompleted: {
        var test = "Piter Pen";

        // uncommenting results in a crash
        // backend.cleanup(test);

        // doesn't nullify "Piter Pen"
        // gc();

        // doesn't work either
        /*
        Qt.callLater(() => {
                      gc();
                     })
                     */
    }
}

<main.cpp>

#include <QGuiApplication>
#include <QQmlContext>
#include <QQmlApplicationEngine>
#include <random>
#include <chrono>
#include <QString>
#include <QByteArray>
#include <QDebug>

class Backend : public QObject
{
    Q_OBJECT
public:
    explicit Backend(QObject *parent = nullptr) : QObject(parent) {
        QString str1 = "Piter Pen";
        QString str2 = str1;
        QString str3 = str2;

        qDebug() << "str1:" << str1;
        qDebug() << "str2:" << str2;
        qDebug() << "str3:" << str3;

        cleanup(str1);

        qDebug() << "str1:" << str1;
        qDebug() << "str2:" << str2;
        qDebug() << "str3:" << str3;
    }

    Q_INVOKABLE void cleanup(const QString& str) {
        std::mt19937 eng(std::chrono::system_clock::now().time_since_epoch().count());
        std::uniform_int_distribution<ushort> distribution;

        // Overwrite the string's character buffer in place; constData() does
        // not detach, so implicitly shared copies (str2, str3) change as well
        QChar* data = const_cast<QChar*> (str.constData());

        for(int i = 0; i < str.length(); ++i) {
            data[i] = distribution(eng);
        }
    }
};

int main(int argc, char *argv[])
{
    QCoreApplication::setAttribute(Qt::AA_EnableHighDpiScaling);

    QGuiApplication app(argc, argv);

    Backend backend;
    QQmlApplicationEngine engine;
    const QUrl url(QStringLiteral("qrc:/main.qml"));
    QObject::connect(&engine, &QQmlApplicationEngine::objectCreated,
                     &app, [url](QObject *obj, const QUrl &objUrl) {
        if (!obj && url == objUrl)
            QCoreApplication::exit(-1);
    }, Qt::QueuedConnection);
    engine.rootContext()->setContextProperty("backend", &backend);
    engine.load(url);

    return app.exec();
}

#include "main.moc"

Thu, 5 Sep 2019 at 01:32, Thiago Macieira <thiago.macieira at intel.com>:
>
> On Wednesday, 4 September 2019 14:46:09 PDT Alexander Ivash wrote:
> > Is there any mechanism for cleaning up sensitive data like passwords etc.
> > from QML? The issue is that gc() doesn't seem to even nullify memory
> > (at least in release on Windows) so all the sensitive information
> > stays in memory.
>
> Write in C++ and manage your memory VERY carefully. Remember that memset()
> before free / delete or going out of scope is removed by the compiler.
>
> Don't use new or malloc. Instead, mmap() your chunk of memory yourself and
> mlock() it properly.
>
> Of course, to display such information you need to accept that it is no longer
> secure. It'll go to QML, then to the text engines, then the pixels will be
> transferred to the display server or the GPU, etc.
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Software Architect - Intel System Software Products
>
>
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest


