Is there any mechanism for cleanup sensitive data like passwords etc from QML? This issue is that gc() doesn't seem to even nullify memory (at least in release on Windows) so all the sensitive information stays in memory.
What I tried so far is to pass js-created string to C++ into cleanup function, which would take const QString&, then get access to constData() (to ensure no detach) and fill the internal buffer with random data, but got 'access violation' on accessing the first QChar. Interestingly the same approach works just fine with C++-created QString-s. Does it mean QML memory manager somehow protects memory? Quick search for VirtualProtect resulted nothing... Or it is because of multi-threaded nature of QML (render thread, event thread etc. ) ? But just to clarify, I've been trying to do cleanup for local variable, so it was definitely not being rendered at that moment... I can't override new/delete for QString or globally (which is bad idea anyway) as it will require custom Qt build and moreover, without deep knowledge in how does QML memory management work it might lead nowhere. Next thing which comes to mind is hooking some Qt internals, but.... It just feels wrong and will require a lot of efforts to implement on all the platforms (and on some of them might not be even possible without root access) So.. I would appreciate a lot any ideas, even craziest ones. Also is there any actual technical notes on QML memory management? _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
