[Interest] QML preprocessing

Roland Hughes roland at logikalsolutions.com
Sun Apr 28 18:13:14 CEST 2019


Alexander,

Having read a bit more in this thread it appears your problem isn't 
syntactic, it's architectural.

Nothing sensitive should ever be done in a scripted language, period.

If you are worried about a sensitive value being memory dumped because 
of a completely insecure scripted language, then don't do it there. 
Instead of

console.log("their password is: " + returnDecryptedPassword());

use

backEnd.logPassword();

Where backEnd is a C++ class exposed to QML. Inside of the logPassword() 
method you conditionally compile based on debug define. When defined it 
retrieves password and logs it. When not defined it does nothing.

Since you are worried about such data being dumped I will assume you are 
working in some form of regulated/strict testing environment. I have yet 
to work in one of those where a build process which does a search & 
replace doesn't invalidate 100% of all testing. Searching through for 
the last closing ")" can get complicated when there are N function calls 
embedded in the parameter list.

Just my 0.0002 cents

Judging from the length of this thread it seems like you've already 
exerted as much effort trying to find a work around as it would take to 
do it right in the first place.

On 4/26/2019 5:00 AM, Alexander Ivash wrote:
> Thanks Jerome, seems like I have to follow this path... Unless I find some way to hack qmake after reviewing its sources.

-- 
Roland Hughes, President
Logikal Solutions
(630) 205-1593

http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog
http://lesedi.us



More information about the Interest mailing list