Source code security



  • I have noticed that whatever I include to *.qrc files it is just copied to an executable. It means that every QML file I write can be easily read by opening an executable with simple text editor.

    What can I do to prevent such security flaw?

    Most importantly - Why does Qt Creator not warn about such situation?



  • @Mertanian

    Qrc is just a resource like any other. It was not designed for source code obfuscation. The qt enterprise version includes a qml «compiler» which allows you to do what you want.



  • Hi, I think it's not considered a security problem, storing language/text resources in clear text in .exe files are standard, it's the same if you make apps in Xcode or in Visual Studio.
    But there a plenty of 3rd party solutions, so you can pack and/or encrypt your executable (the is used by the game industry a lot). Long time ago i used UPX, it's still free I think.



  • Security flaw is when the user doesn't have access to the source code.



  • @t3685

    I found this tool - QtQuickCompiler. It works, thank you very much!

    @hskoglund

    I am afraid that only packing executable file is not making my code secure. However UPX proves useful as it makes an executable much smaller. I will be using it anyway. Thanks!


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.