问题
In my application user types his password in QLineEdit.
QLineEdit works in Password echo mode.
Application must clear password from memory when it is no longer needed.
Does QLineEdit make sure that it clears all its internal memory buffers before they are freed? I cannot found such information in documentation.
If QLineEdit does not clear its content then what is the simplest way to implement such behavior? I want to reuse QLineEdit functionality as much as possible and do not want to implement my own password edit control from scratch. Is it possible?
回答1:
Note that even when calling setText({}) is not completely safe - the string might get written to swap space if your application is swapped out. The only way to prevent that is to allocate the memory for the internal string of the lineEdit yourself and call mlock() on it to prevent swapping. For that you need to write your own lineEdit.
In addition, the text is quite trivial to figure out when attaching a run-time introspection tool like Gammaray to your application, as it is a normal QObject property, and stored obfuscated in RAM.
Also, by looking at the implementation of QWidgetLineControl::internalSetText (see the code), it seems like the line edit text is made available for the accessibility interface, which is accessible to everyone unless accessibility support was not compiled into Qt.
So, depending on your security level, you do need your own implementation.
回答2:
I think calling
QLineEdit::setText("");
will do the job. As Qt documentation says:
Setting this property clears the selection, clears the undo/redo history, moves the cursor to the end of the line and resets the modified property to false.
In opposite, calling QLineEdit::clear() will clear only text, however Undo/Redo stack will still contain the previous text.
来源:https://stackoverflow.com/questions/20048081/qlineedit-password-safety