Important: Please read the Qt Code of Conduct -

Source code security

  • I have noticed that whatever I include to *.qrc files it is just copied to an executable. It means that every QML file I write can be easily read by opening an executable with simple text editor.

    What can I do to prevent such security flaw?

    Most importantly - Why does Qt Creator not warn about such situation?

  • @Mertanian

    Qrc is just a resource like any other. It was not designed for source code obfuscation. The qt enterprise version includes a qml «compiler» which allows you to do what you want.

  • Hi, I think it's not considered a security problem, storing language/text resources in clear text in .exe files are standard, it's the same if you make apps in Xcode or in Visual Studio.
    But there a plenty of 3rd party solutions, so you can pack and/or encrypt your executable (the is used by the game industry a lot). Long time ago i used UPX, it's still free I think.

  • Security flaw is when the user doesn't have access to the source code.

  • @t3685

    I found this tool - QtQuickCompiler. It works, thank you very much!


    I am afraid that only packing executable file is not making my code secure. However UPX proves useful as it makes an executable much smaller. I will be using it anyway. Thanks!

Log in to reply