Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. QML and Qt Quick
  4. Source code security
Forum Updated to NodeBB v4.3 + New Features

Source code security

Scheduled Pinned Locked Moved Solved QML and Qt Quick
5 Posts 4 Posters 1.3k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    Mertanian
    wrote on last edited by
    #1

    I have noticed that whatever I include to *.qrc files it is just copied to an executable. It means that every QML file I write can be easily read by opening an executable with simple text editor.

    What can I do to prevent such security flaw?

    Most importantly - Why does Qt Creator not warn about such situation?

    T 1 Reply Last reply
    0
    • M Mertanian

      I have noticed that whatever I include to *.qrc files it is just copied to an executable. It means that every QML file I write can be easily read by opening an executable with simple text editor.

      What can I do to prevent such security flaw?

      Most importantly - Why does Qt Creator not warn about such situation?

      T Offline
      T Offline
      t3685
      wrote on last edited by
      #2

      @Mertanian

      Qrc is just a resource like any other. It was not designed for source code obfuscation. The qt enterprise version includes a qml «compiler» which allows you to do what you want.

      1 Reply Last reply
      0
      • hskoglundH Offline
        hskoglundH Offline
        hskoglund
        wrote on last edited by
        #3

        Hi, I think it's not considered a security problem, storing language/text resources in clear text in .exe files are standard, it's the same if you make apps in Xcode or in Visual Studio.
        But there a plenty of 3rd party solutions, so you can pack and/or encrypt your executable (the is used by the game industry a lot). Long time ago i used UPX, it's still free I think.

        1 Reply Last reply
        0
        • D Offline
          D Offline
          devel
          wrote on last edited by
          #4

          Security flaw is when the user doesn't have access to the source code.

          1 Reply Last reply
          0
          • M Offline
            M Offline
            Mertanian
            wrote on last edited by
            #5

            @t3685

            I found this tool - QtQuickCompiler. It works, thank you very much!

            @hskoglund

            I am afraid that only packing executable file is not making my code secure. However UPX proves useful as it makes an executable much smaller. I will be using it anyway. Thanks!

            1 Reply Last reply
            0

            • Login

            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Users
            • Groups
            • Search
            • Get Qt Extensions
            • Unsolved