[Interest] QML preprocessing

Alexander Ivash elderorb at gmail.com
Mon Apr 29 12:22:37 CEST 2019


On Apr 29 2019, at 1:13 pm, Giuseppe D'Angelo via Interest <interest at qt-project.org> wrote:
> Hi,
>
> On 24/04/2019 21:23, Alexander Ivash wrote:
> > Yeah, it could work in theory, but in practice there are already a lot of
> > places which would require such a modification. This solution just
> > doesn't scale.
>
>
> Any preprocessing solution will require modifications at all call sites
> anyhow, wouldn't it?
>

Not obligatory. Simple cases like console.debug() could be found by regexp/pattern matching and replaced with an empty string. It depends on how powerful a QML preprocessor would be (if it existed).

>
> > Moreover, the resulting binary will contain
> > string 'console.debug('password: ',
> > someFunctionWhichReturnsPasswordFromProtectedStorage());' (well, maybe
> > not if qml compiler was enabled).
>
>
> Why would this be a problem anyhow?
Because a reverse engineer can easily find this in a dump and get a better understanding of the application internals. To avoid further comments like 'security by obscurity doesn't work', I need to add a disclaimer: I fully agree! But I have such requirements.

> Cheers,
> --
> Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
> KDAB (France) S.A.S., a KDAB Group company
> Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
> KDAB - The Qt, C++ and OpenGL Experts
>
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>
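
The pattern-matching approach mentioned in this message, sketched as an added example (not code from the thread or from Qt): a build-step filter that removes statement-form console calls from QML source, tracking string literals and nested parentheses so the removal ends at the right place, and reports the calls it left in place so the build can fail on them. The function names, the method list and the sample QML are assumptions; comments and regex literals are not parsed.

```python
import re

# Method names to strip are an assumption; the thread only mentions console.debug().
CALL = re.compile(r"\bconsole\s*\.\s*(?:debug|log)\s*\(")

def _call_end(src, i):
    """Index just past the ')' closing the '(' that ends at src[i-1]."""
    depth, quote = 1, None
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"`":
            quote = ch                      # brackets inside strings do not count
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    raise ValueError("unterminated console call")

def strip_console_calls(src):
    """Remove console calls that start their own line; leave expression-form ones."""
    out, pos, scan = [], 0, 0
    while (m := CALL.search(src, scan)):
        end = _call_end(src, m.end())
        line_start = src.rfind("\n", 0, m.start()) + 1
        if src[line_start:m.start()].strip() == "":
            if src[end:end + 1] == ";":
                end += 1
            out.append(src[pos:line_start])  # drops the indentation, keeps the newline
            pos = end
        scan = end
    out.append(src[pos:])
    return "".join(out)

def leftover_calls(src):
    """Line numbers of console calls still present, for failing the build."""
    return [src.count("\n", 0, m.start()) + 1 for m in CALL.finditer(src)]

# Constructed QML sample, not from the thread.
SAMPLE = ("Item {\n  function login() {\n    console.debug('password: ', secret(')'));\n"
          "    doLogin()\n  }\n  onVisibleChanged: console.debug('visible')\n}\n")
```

The binding on `onVisibleChanged` is deliberately left alone, because replacing an expression with an empty string would leave invalid QML; `leftover_calls` flags it for a manual fix.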
