On Monday, 9 September 2019 23:53:31 PDT Ulf Hermann wrote:
> I can _not_ recommend this approach. The string may get copied
> internally in many places. Bindings may be evaluated as JavaScript,
> necessitating a JavaScript string representation. The visual
> representation of the string may be
Il 10/09/19 15:44, Uwe Rathmann ha scritto:
PS: could someone in charge of this mailinglist please have a look at
the spam filter ?
See
https://bugreports.qt.io/browse/QTQAINFRA-3072
Thanks,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S.,
> Sent: Monday, September 09, 2019 at 5:35 PM
> From: "Alexander Ivash"
> To: "interestqt-project.org"
> Subject: Re: [Interest] QML and sensitive data
>
> Just in case if someone will be looking for solution - I've managed to
> eliminate all
On 9/10/19 3:08 PM, Alexander Ivash wrote:
Under what conditions? I mentioned that Quick Controls 2 is a must to
make behaviour more deterministic.
F.e QTextInput ( QC2 has nothing to with it ) is completly done in C++
and if you are willing to include private headers ( not private in the
Right, the whole approach is not something I'm really proud of. And of
course it has its limitations, but:
>> The string may get copied internally in many places
Under what conditions? I mentioned that Quick Controls 2 is a must to
make behaviour more deterministic. Unless I'm missing something
Hi,
> Just in case if someone will be looking for solution - I've managed to
> eliminate all the sensitive data from memory on closing particular QML
> screen without sacrificing existing architecture. The secret is pretty
> simple: just avoid situations when QString-s gets copied into JS
>
Just in case if someone will be looking for solution - I've managed to
eliminate all the sensitive data from memory on closing particular QML
screen without sacrificing existing architecture. The secret is pretty
simple: just avoid situations when QString-s gets copied into JS
strings:
1. Do not
Il 05/09/19 14:28, Roland Hughes ha scritto:
The best solution would be to use Widgets.
A QLineEdit is just as secure as an equivalent QML control (which means,
it's not secure).
My 2 c,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB
05.09.2019, 19:02, "Jason H" :
>> On Wednesday, 4 September 2019 16:20:44 PDT Alexander Ivash wrote:
>> > Thank you for fast response, but my question is purely about QML. On
>> > C++ side I have a lot of ways for nullifying / erasing sensitive
>> > information *after* it is not needed (let
> On Wednesday, 4 September 2019 16:20:44 PDT Alexander Ivash wrote:
> > Thank you for fast response, but my question is purely about QML. On
> > C++ side I have a lot of ways for nullifying / erasing sensitive
> > information *after* it is not needed (let say after particular QML
> > screen gets'
I understand this, but this is not an issue. Let say it is allowed to
have sensitive information in memory when particular QML screen (used
for showing/editing this information) is opened. But, information
should be fully eliminated from memory dump (cleaning up leftovers in
GPU is also not
Thanks Jason, making custom component which would be able to present
data from password chunks stored in different locations sounds like a
bit less painful than other options. I'll keep it in mind.
чт, 5 сент. 2019 г. в 16:30, Jason H :
>
> > Is there any mechanism for cleanup sensitive data like
On Wednesday, 4 September 2019 16:20:44 PDT Alexander Ivash wrote:
> Thank you for fast response, but my question is purely about QML. On
> C++ side I have a lot of ways for nullifying / erasing sensitive
> information *after* it is not needed (let say after particular QML
> screen gets' closed).
r Ivash
> Cc: interestqt-project.org
> Subject: Re: [Interest] QML and sensitive data
>
> > Is there any mechanism for cleanup sensitive data like passwords etc
> > from QML? This issue is that gc() doesn't seem to even nullify memory
> > (at least in release on Windows
in the first place.
But some application still need those. Ignore if not applicable to you.
-Original Message-
From: Interest On Behalf Of Jason H
Sent: September 5, 2019 9:31 AM
To: Alexander Ivash
Cc: interestqt-project.org
Subject: Re: [Interest] QML and sensitive data
> Is there
> Is there any mechanism for cleanup sensitive data like passwords etc
> from QML? This issue is that gc() doesn't seem to even nullify memory
> (at least in release on Windows) so all the sensitive information
> stays in memory.
My recommendation would be to use a library that has proper
So here's a crazy idea.
You could decide to circumvent the whole thing, by drawing your own input
widget on top of an opengl texture, and inject that into the QML
scenegraph. I'm not entirely sure how you would sidestep input handling,
but at least that way you could potentially sidestep
> Cheap hack #1: assign both fields new values once validated, say "*"
> and force screen update before navigating away.
No. Strings are immutable in QML (and JavaScript). The old string will
still be in memory at that point. And no, it's not a QString.
const-casting and overwriting from
On 9/5/19 5:00 AM, Alexander Ivash wrote:
Thank you for fast response, but my question is purely about QML. On
C++ side I have a lot of ways for nullifying / erasing sensitive
information*after* it is not needed (let say after particular QML
screen gets' closed). But on QML / JS side I have no
Crashes are already happening which means obviously I'm doing
something wrong. But what options do I have? Do I have it at all?
чт, 5 сент. 2019 г. в 09:37, Elvis Stansvik :
>
> Den tors 5 sep. 2019 01:22Alexander Ivash skrev:
>>
>> Thank you for fast response, but my question is purely about
Den tors 5 sep. 2019 01:22Alexander Ivash skrev:
> Thank you for fast response, but my question is purely about QML. On
> C++ side I have a lot of ways for nullifying / erasing sensitive
> information *after* it is not needed (let say after particular QML
> screen gets' closed). But on QML / JS
Thank you for fast response, but my question is purely about QML. On
C++ side I have a lot of ways for nullifying / erasing sensitive
information *after* it is not needed (let say after particular QML
screen gets' closed). But on QML / JS side I have no any control at
all. Would be great if one of
On Wednesday, 4 September 2019 14:46:09 PDT Alexander Ivash wrote:
> Is there any mechanism for cleanup sensitive data like passwords etc
> from QML? This issue is that gc() doesn't seem to even nullify memory
> (at least in release on Windows) so all the sensitive information
> stays in memory.
Is there any mechanism for cleanup sensitive data like passwords etc
from QML? This issue is that gc() doesn't seem to even nullify memory
(at least in release on Windows) so all the sensitive information
stays in memory.
What I tried so far is to pass js-created string to C++ into cleanup
24 matches
Mail list logo