On Monday, 9 September 2019 23:53:31 PDT Ulf Hermann wrote: > I can _not_ recommend this approach. The string may get copied > internally in many places. Bindings may be evaluated as JavaScript, > necessitating a JavaScript string representation. The visual > representation of the string may be generated at some point, passing the > string through layers of rendering code. The string has to be assembled > from input somehow, potentially by re-allocating and expanding a buffer > as you type. The old buffer will not be erased, and the input events may > be allocated and deleted on the heap, without erasing them before > deletion. You can _not_ be sure that the string is completely erased > from memory after theses steps.
As I said in the first reply: whatever you *display* is not secure. So your first rule should be "don't display". -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel System Software Products _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
