Protection of QML code
-
Hello
I think that's not a problem. AFAIK, QML was developed to make it easy to create modern UI. So if you need to implement some "secret" logic, use C++. It won't be hard while you're using Qt.
Another suggestion: if it's possible to use QML code that's stored as QString, then encrypt it and add as a resource. Then add a small function, that decrypts it on app startup.[quote author="chall3ng3r" date="1318651607"]crack serial number protection etc.[/quote]
I think it's silly to implement serial number protection in QML.
-
I understand your point Wilk, and i agree with it. But it is indeed a good feature to be added in Qt, at least in the commercial version. A company, for example, may not want to use QML because they are afraid of distributing part of the source code with the application.
My boss don't understand how Qt works, and even if i try to explain to him, he would rather use pure C++ than QML to make the UI. -
Binary QML* is under development.
* support for translating QML into a corresponding binary data structure at compile time (rather than letting the Qt Quick engine do it during application start-up), for IPR protection and reduced application start-up time
[quote author="aalpert" date="1335837663"]Already done ;) . The only thing missing is allowing the compile phase to be run separately to instantiating the scene, so that the binary data can be stored.[/quote] -
In the meantime, you can use the Qt resource system to link the QML files into the program binary. This requires at least some skill to extract the QML files, compared to having them on the file system.
-
@Wilk implementing QML UI logic (like custom UI functionality only components) in C++ for protection is impossible as there is no C++ API for accessing QML stuff (that's a controversial hot topic on it's own), so there's no way of doing that
@Lukas where's the info about binary QML? that sounds really nice.
Is it in any official documentation? is there a date or release number (Qt5 perhaps ;) for the implementation of that?
-
I'm not sure if IPR protection for QML is really such a big deal.
After all, most non-trivial Qt Quick applications will most likely tightly integrate C++ backend functionality with the QML frontend/UI description. Even if a hacker / power-user extracts the plain-text QML resource from the .exe, he won't be able to do anything useful with it.The only issue I can imagine is if self-contained algorithms inside the QML (JavaScript functions or GLSL shader effects) need to be protected at all cost.
In any case, if you really want to encrypt/obfuscate your QML, just so it yourself (there should be enough cryptography C++ libraries out there which you can use).
You can probably let your build system automatically do the encryption before embedding the QML files as resources in the executable, and do the decryption in your C++ code and then load the decrypted QML from QString like described here: http://lists.qt.nokia.com/pipermail/qt-qml/2010-November/001771.html[quote author="Raul" date="1337991104"]implementing QML UI logic (like custom UI functionality only components) in C++ for protection is impossible as there is no C++ API for accessing QML stuff[/quote]
Why would you need a "C++ API for accessing QML stuff" for that?
It works the other way around: You can do your UI logic in C++ by implementing full QtQuick components or data-models models in C++, and then access them from QML. And yes, components can be "functionality only", they don't have to render anything.
[quote author="Raul" date="1337991104"]where's the info about binary QML?[/quote]
The statement which Lukas Geyer referenced is a quote from Alan Alpert (part of Nokia's Qt development team), and can be found here: http://qt-project.org/forums/viewreply/84245/
[quote author="Raul" date="1337991104"]Is it in any official documentation? is there a date or release number (Qt5 perhaps ;) for the implementation of that?[/quote]
No, nothing official as far as I can tell, it was just a statement that implementing this would be possible and wouldn't be opposed by the Qt Quick team, however "no-one has gotten around to it".
-
[quote author="jdavet" date="1338203359"][quote author="Raul" date="1337991104"]where's the info about binary QML?[/quote]The statement which Lukas Geyer referenced is a quote from Alan Alpert (part of Nokia's Qt development team), and can be found here: http://qt-project.org/forums/viewreply/84245/[/quote]
Additional bits of information can be found on the mailing list "here":http://www.mail-archive.com/development@qt-project.org/msg03352.html and "here":http://www.mail-archive.com/development@qt-project.org/msg03395.html.
-
bq. After all, most non-trivial Qt Quick applications will most likely tightly integrate C++ backend functionality with the QML frontend/UI description. Even if a hacker / power-user extracts the plain-text QML resource from the .exe, he won’t be able to do anything useful with it.
The only issue I can imagine is if self-contained algorithms inside the QML (JavaScript functions or GLSL shader effects) need to be protected at all cost.Not really, as you can see, QML will be all about components (Like desktop, meego or symbian), and if you build commercial components (there's actually market for that on Qt with commercial widgets), then it would be a good idea to protect that IP.
bq. In any case, if you really want to encrypt/obfuscate your QML, just so it yourself (there should be enough cryptography C++ libraries out there which you can use).
If there's a real need for protecting the IP of applications (which I'm pretty sure there is, at least for closed source apps), then why not just having it built in.
Binary QML seems nice, I just hope that other developers using QML will have the need so that it's implemented sooner. I'd help but I wouldn't know where to start, the Qt source code is quite a mouthful.
-
[quote author="Raul" date="1338935644"]Not really, as you can see, QML will be all about components (Like desktop, meego or symbian), and if you build commercial components (there's actually market for that on Qt with commercial widgets), then it would be a good idea to protect that IP.[/quote]
But do you expect many non-trivial commercial Qt Quick components do be written in pure QML+JavaScript?
Again, note that custom QtQuick components can be written in C++, and for complex components this is actually recommended.
[quote author="Raul" date="1338935644"]Binary QML seems nice, I just hope that other developers using QML will have the need so that it's implemented sooner. I'd help but I wouldn't know where to start, the Qt source code is quite a mouthful.[/quote]
True, unless the people who designed Qt Quick get on board, I suspect it would probably be difficult to add this feature.
In the meantime, another possibility is using a generic executable compressor/obfuscator on the binary that embeds the QML source code: http://en.wikipedia.org/wiki/Executable_compression
-
[quote author="jdavet" date="1338993791"]
But do you expect many non-trivial commercial Qt Quick components do be written in pure QML+JavaScript?Again, note that custom QtQuick components can be written in C++, and for complex components this is actually recommended.
[/quote]I don't expect pure Javascript apps, but I do expect pure QML UIs. And again, as I said before, you should research C++ support, because I see you have no idea that you CANNOT build QML UI with C++, you can't build components, animations or anything in C++, if you want a QML UI, it has to be QML only, so if you build commercial QML components, they can only be written in QML.
I emphasize QML UI, no real business logic there, all of the models will be built in C++, but the UI components can only be QML. -
Sorry, but: no. That is simply not true. Did you even look at the C++ API to create QML components?
-
... and the Animation Framework and the State Machine Framework.
-
It would be great to see this added as a suggestion on http://bugreports.qt-project.org -- that should give it a better chance of being looked at, scheduled, etc.
Regards,
Michael