[Development] How is Quick Controls 2 deployment meant to be ?
Christoph Feck
cfeck at kde.org
Sat Jul 8 13:46:47 CEST 2017
On 08.07.2017 13:24, Massimo Callegari via Development wrote:
> 2) Security ? There is none.
> If you deploy an application using a TextField control with echoMode: TextInput.Password, one can easily add some trivial JavaScript code to the comfortably reachable QtQuick/Controls.2/TextField.qml file and somehow display/log a password.
> In general, an end user can seriously mess up an application by changing a few text files.
> I'm also wondering how Linux distributions can accept this. In my KDE Neon distro I've got /usr/lib/x86_64-linux-gnu/qt5/qml/ full of QML files that I can edit and compromise my system.
If you have root access.
More information about the Development
mailing list