[Interest] QML preprocessing
elderorb at gmail.com
Mon Apr 29 12:22:37 CEST 2019
On Apr 29 2019, at 1:13 pm, Giuseppe D'Angelo via Interest <interest at qt-project.org> wrote:
> On 24/04/2019 21:23, Alexander Ivash wrote:
> > Yeah, it could work in theory, but in practice there already a lot of
> > places which would require such a modification. This solution just
> > doesn't scale.
> Any preprocessing solution will require modifications at all call sites
> anyhow, wouldn't it?
Not obligatory. Simple cases like console.debug() could be found by regexp/pattern matching and replaced with empty string. It depends on how powerfull QML preprocessor woud be (if it would exist)
> Moreover, resulting binary will contain
> > string 'console.debug('password: ',
> > someFunctionWhichReturnsPasswordFromProtectedStorage());' (well, maybe
> > not if qml compiler was enabled).
> Why would this be a problem anyhow?
Because reverse-engineer can easily find this in dump and get better understanding of application internals. To avoid further comments like 'security by obscurity doesn't work' I need to put a disclaimer: I fully agree!. But I have such a requirements.
> Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
> KDAB (France) S.A.S., a KDAB Group company
> Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
> KDAB - The Qt, C++ and OpenGL Experts
> Interest mailing list
> Interest at qt-project.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Interest