[Interest] QML and sensitive data
Thiago Macieira
thiago.macieira at intel.com
Tue Sep 10 21:04:00 CEST 2019
On Monday, 9 September 2019 23:53:31 PDT Ulf Hermann wrote:
> I can _not_ recommend this approach. The string may get copied
> internally in many places. Bindings may be evaluated as JavaScript,
> necessitating a JavaScript string representation. The visual
> representation of the string may be generated at some point, passing the
> string through layers of rendering code. The string has to be assembled
> from input somehow, potentially by re-allocating and expanding a buffer
> as you type. The old buffer will not be erased, and the input events may
> be allocated and deleted on the heap, without erasing them before
> deletion. You can _not_ be sure that the string is completely erased
> from memory after theses steps.
As I said in the first reply: whatever you *display* is not secure. So your
first rule should be "don't display".
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Interest
mailing list