[Interest] QML and sensitive data

Thiago Macieira thiago.macieira at intel.com
Tue Sep 10 21:04:00 CEST 2019

On Monday, 9 September 2019 23:53:31 PDT Ulf Hermann wrote:
> I can _not_ recommend this approach. The string may get copied
> internally in many places. Bindings may be evaluated as JavaScript,
> necessitating a JavaScript string representation. The visual
> representation of the string may be generated at some point, passing the
> string through layers of rendering code. The string has to be assembled
> from input somehow, potentially by re-allocating and expanding a buffer
> as you type. The old buffer will not be erased, and the input events may
> be allocated and deleted on the heap, without erasing them before
> deletion. You can _not_ be sure that the string is completely erased
> from memory after theses steps.

As I said in the first reply: whatever you *display* is not secure. So your 
first rule should be "don't display".

Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Interest mailing list