[Interest] QML and sensitive data
ulf.hermann at qt.io
Tue Sep 10 08:53:31 CEST 2019
> Just in case if someone will be looking for solution - I've managed to
> eliminate all the sensitive data from memory on closing particular QML
> screen without sacrificing existing architecture. The secret is pretty
> simple: just avoid situations when QString-s gets copied into JS
> 1. Do not use QJsonArray as the model for QML, use QVariantList as the
> replacement instead. At least because QVariantList of QVariants of
> QStrings allows an access to QString if required.
> 2. Use Quick Controls 2 because they are implemented in C++ and thus
> doesn't result in creation of JS strings
> 3. On destruction of Quick Controls pass properties like 'text',
> 'displayText' etc to C++ where const_cast and nullify
> implicitly-shared buffer.
> Bonus: QJsonDocument provides nice 'rawData' function allowing to
> cleanup its internals if required.
I can _not_ recommend this approach. The string may get copied
representation of the string may be generated at some point, passing the
string through layers of rendering code. The string has to be assembled
from input somehow, potentially by re-allocating and expanding a buffer
as you type. The old buffer will not be erased, and the input events may
be allocated and deleted on the heap, without erasing them before
deletion. You can _not_ be sure that the string is completely erased
from memory after theses steps.
And obviously const_cast'ing and nullifying a string is not thread safe.
If you are running a threaded render loop, for example, you may just
have created a race condition.
More information about the Interest