Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

Qt IFW, block malicious upgrades



  • Hi all,
    I'm using QtIFW for my project. It produce an online installer so that I can put new packages on my server and clients can download them via Maintenancetool.

    I'd like to be sure the downloaded package are my package so that is someone replace the package on the server with a malicious one, the installer can block it.

    Is there a way? Is there a kind of package signature so that only me can produce installer package?

    Thanks

    Luca



  • I am afraid IFW does not have such feature. With online installer you can install basically anything as you can give new repository URLs as parameters to installer.


Log in to reply