[Interest] QML and sensitive data
jhihn at gmx.com
Tue Sep 10 16:00:36 CEST 2019
> Sent: Monday, September 09, 2019 at 5:35 PM
> From: "Alexander Ivash" <elderorb at gmail.com>
> To: "interestqt-project.org" <interest at qt-project.org>
> Subject: Re: [Interest] QML and sensitive data
> Just in case if someone will be looking for solution - I've managed to
> eliminate all the sensitive data from memory on closing particular QML
> screen without sacrificing existing architecture. The secret is pretty
> simple: just avoid situations when QString-s gets copied into JS
> 1. Do not use QJsonArray as the model for QML, use QVariantList as the
> replacement instead. At least because QVariantList of QVariants of
> QStrings allows an access to QString if required.
> 2. Use Quick Controls 2 because they are implemented in C++ and thus
> doesn't result in creation of JS strings
> 3. On destruction of Quick Controls pass properties like 'text',
> 'displayText' etc to C++ where const_cast and nullify
> implicitly-shared buffer.
> Bonus: QJsonDocument provides nice 'rawData' function allowing to
> cleanup its internals if required.
I stand by my previous suggestions, but also would like to add if you are intent on storing it in memory, then you can xor-pad and xor each character as they are drawn.
More information about the Interest