Thanks Jason, making a custom component which would be able to present
data from password chunks stored in different locations sounds a
bit less painful than other options. I'll keep it in mind.

Thu, 5 Sep 2019 at 16:30, Jason H <jh...@gmx.com>:
>
> > Is there any mechanism for cleaning up sensitive data like passwords etc.
> > from QML? The issue is that gc() doesn't seem to even nullify memory
> > (at least in release on Windows) so all the sensitive information
> > stays in memory.
>
>
> My recommendation would be to use a library that has proper storage and
> management of such things. I have used the Crypto++ library (
> https://www.cryptopp.com/ ) with Qt/QML. It's not a magic bullet and proper
> cryptography is hard. However, I think you can keep the string in C++ land,
> and encrypted. How? You have to not store the password ever. Assuming I
> understand your situation, if it were me trying to protect a password field,
> I would have something that looks and behaves like an InputText (or whatever)
> that sends the characters to the C++ side, so that the sensitive data never
> exists in QML, subject to gc(). Of course keylogging would be able to recover
> the password, but there is no single QML string that is
> "SuperSecretIn-MemoryPassword1234!@#$".
>
> So:
> 1. Break it into non-contiguous parts
> 2. Do all crypto in C++
> 3. Have the UI mimic familiar paradigms but don't actually use them
>
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
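
The approach discussed in the thread (send each key press to the C++ side so no QML string ever holds the password, then wipe the memory there) can be illustrated with the following added example, which is not code from the thread or from Qt. `SecretBuffer` and its methods are hypothetical names; in a Qt application a QObject with `Q_INVOKABLE` wrappers around `append()` and `removeLast()` is assumed to sit between QML and this class.

```cpp
#include <array>
#include <cstddef>
// Hypothetical helper: the class name and API are assumptions for this example.
// Fixed-size storage means no reallocation leaves stale copies of the secret
// on the heap, and the wipe happens at a point the program controls.
class SecretBuffer {
public:
    static constexpr std::size_t kCapacity = 128;
    SecretBuffer() = default;
    SecretBuffer(const SecretBuffer&) = delete;            // no accidental copies
    SecretBuffer& operator=(const SecretBuffer&) = delete;
    ~SecretBuffer() { wipe(); }
    // Called once per key press, so the UI never holds the whole string.
    bool append(char32_t codePoint) {
        if (len_ == kCapacity) return false;
        data_[len_++] = codePoint;
        return true;
    }
    // Backspace: zero the removed slot immediately.
    void removeLast() { if (len_ > 0) secureZero(&data_[--len_], sizeof(char32_t)); }
    std::size_t length() const { return len_; }   // all the UI needs for mask dots
    // Hand the secret to a consumer (a KDF, for instance); wipe afterwards,
    // also when the consumer throws.
    template <typename Fn>
    auto consume(Fn&& fn) -> decltype(fn(static_cast<const char32_t*>(nullptr), std::size_t{})) {
        struct Guard { SecretBuffer& b; ~Guard() { b.wipe(); } } guard{*this};
        return fn(data_.data(), len_);
    }
    void wipe() { secureZero(data_.data(), kCapacity * sizeof(char32_t)); len_ = 0; }
    bool isZeroed() const {                        // lets a test confirm the wipe
        for (char32_t c : data_) if (c != 0) return false;
        return true;
    }
private:
    // Stores go through a volatile pointer, the usual idiom to keep the
    // optimiser from discarding writes to memory that is never read again.
    static void secureZero(void* p, std::size_t n) {
        volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
        while (n--) *v++ = 0;
    }
    std::array<char32_t, kCapacity> data_{};
    std::size_t len_ = 0;
};
int main() {
    SecretBuffer pw;
    const char32_t typed[] = {U'd', U'e', U'm', U'o'};   // constructed key presses
    for (char32_t c : typed) pw.append(c);
    std::size_t n = pw.consume([](const char32_t*, std::size_t len) { return len; });
    return (n == 4 && pw.isZeroed()) ? 0 : 1;
}
```

This covers only the copy held by the application; anything the consumer copies out of the buffer has to be wiped by the consumer.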
