Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct
Source code security
-
I have noticed that whatever I include to *.qrc files it is just copied to an executable. It means that every QML file I write can be easily read by opening an executable with simple text editor.
What can I do to prevent such security flaw?
Most importantly - Why does Qt Creator not warn about such situation?
-
Qrc is just a resource like any other. It was not designed for source code obfuscation. The qt enterprise version includes a qml «compiler» which allows you to do what you want.
-
Hi, I think it's not considered a security problem, storing language/text resources in clear text in .exe files are standard, it's the same if you make apps in Xcode or in Visual Studio.
But there a plenty of 3rd party solutions, so you can pack and/or encrypt your executable (the is used by the game industry a lot). Long time ago i used UPX, it's still free I think.
-
Security flaw is when the user doesn't have access to the source code.
-
I found this tool - QtQuickCompiler. It works, thank you very much!
I am afraid that only packing executable file is not making my code secure. However UPX proves useful as it makes an executable much smaller. I will be using it anyway. Thanks!
