[Development] How is Quick Controls 2 deployment meant to be ?

André Pönitz apoenitz at t-online.de
Sat Jul 8 17:07:32 CEST 2017


On Sat, Jul 08, 2017 at 11:24:56AM +0000, Massimo Callegari via Development wrote:
> 2) Security ? There is none.  If you deploy an application using a TextField control with
> echoMode: TextInput.Password, one can easily add some trivial JavaScript code to the
> comfortably reachable QtQuick/Controls.2/TextField.qml file and somehow display/log a
> password.  In general, an end user can seriously mess up an application by changing a few
> text files.  I'm also wondering how Linux distributions can accept this. In my KDE Neon
> distro I've got /usr/lib/x86_64-linux-gnu/qt5/qml/ full of QML files that I can edit and
> compromise my system.

I'll not argue about the others, but this here is nonsense. Anyone who can edit
/lib normally can also edit /etc etc. 

Andre'



More information about the Development mailing list