[Interest] QML and sensitive data

Jason H jhihn at gmx.com
Thu Sep 5 18:00:15 CEST 2019

> On Wednesday, 4 September 2019 16:20:44 PDT Alexander Ivash wrote:
> > Thank you for fast response, but my question is purely about QML. On
> > C++ side I have a lot of ways for nullifying / erasing sensitive
> > information *after* it is not needed (let say after particular QML
> > screen gets' closed). But on QML / JS side I have no any control at
> > all. Would be great if one of QML guys could step in and comment too.
> As I said, the moment you want to display a string, it's no longer considered
> secure. This has nothing to do with QML.
> The string will be used for text shaping, the pixels will be drawn in a
> pixmap, said pixmap will be shared with the compositor, which then by some
> means uploads it to the GPU.

If you have an array of non-contiguous 1-char strings, which are converted to images, then displayed sequentially (increasing x position) then you never have the string in memory.

"Ceci n'est pas une pipe"

More information about the Interest mailing list