Congratulations to our 2022 Qt Champions!

Capturing user credentials from Login Page

  • In my QT application, I need to download certain data. This data is protected and users need to Login to the website to download the data. In order to allow users to login, I display the Login Page of our website using
    QWebEngineView. The user enters his credentials. This generates the required cookies for authentication. I store the generated cookies in QNetworkCookieJar. I then create a QNetworkAccessManager and add the saved QNetworkCookieJar to QNetworkAccessManager. I then use the QNetworkAccessManager to download the data. This all works fine. However, in the security review of my project, there were concerns raised that the Login page is under the control of my application and thus I can get the user credentials (for eg. by watching the keystrokes on Login Page).

    So my question is: Is this security risk real? Can I actually get the user credentials? If yes. what options do I have to authenticate the user and still avoid any security loopholes?

  • @mahesh_j
    Excuse me if I am wrong, but doesn't any desktop application allow keystroke monitoring?

Log in to reply