How to zero out the password in the memory. Flutter keeps all inputs from the TextEditingController

Question

It seems TextEditingController keeps all plain input text including password in the memory.

I have tried many things so far

controller.dispose()
set the value null
replace with other text
zero out the memory of controller.text by using the FFI

The problem is that the input logs(plain text json format) remain in the memory.

https://github.com/flutter/flutter/issues/84708

This is a critical issue for me.

Please let me know how to zero out the password in the memory.

Thank you.

jamesdlin · Answer 1 · 2022-10-07T15:28:17.700

You cannot effectively zero memory in Dart. Memory in Dart is managed by the garbage collector, so you cannot control the lifetime of memory allocations nor prevent memory from being copied or moved. Furthermore, Dart Strings are immutable.

One way to mitigate it would be to use dart:ffi and to have all operations involving passwords go through, say, a C or C++ library where memory is not managed by the GC, but that still wouldn't completely help if you use Dart code to get the password from the user in the first place.

score -1 · Answer 2 · answered Aug 27 '21 at 06:27

-1

When you tab on the login button then just write _controller.text ="" ;

answered Aug 27 '21 at 06:27

Hasib Akon

580
6
16

this does not remove the previous string value from memory – ellemenno Nov 22 '21 at 16:33
did you try it into the initial state? Or after executing any operation? – Hasib Akon Nov 22 '21 at 17:12

How to zero out the password in the memory. Flutter keeps all inputs from the TextEditingController

2 Answers2

Linked

Related