[Interest] Interest Digest, Vol 106, Issue 12

Roland Hughes roland at logikalsolutions.com
Mon Jul 13 17:19:30 CEST 2020


On 7/13/20 10:10 AM, interest-request at qt-project.org wrote:
> On 13/07/20 14:30, Roland Hughes wrote:
>> Let us not forget that QML+JavaScript is completely insecure in the
>> OpenSource world. All of that JavaScript gets stuffed into the binary
>> you ship as free text. Anyone with a decent text editor can read/extract
>> your super secret proprietary algorithms. Worse yet, anyone with enough
>> patience can change a binary in the field.
> If you have the source, then why do you need to bother with extracting
> binaries?
>
>
> If you meant in the *non* opensource world, then:
>
> 1) the QML compiler has been a reality for a number of years;
>
> 2) your "super secret" algorithms belong to C++, not to QML, so using or
> not using QML doesn't change the equation. And, you can obfuscate the
> JavaScript code used by your QML part.
>
>
> My 2 c,

No. I mean the binary you ship in your medical device built with the 
OpenSource Qt using QML+JavaScript (because that's the lowest cost 
worker) has all of that JavaScript in free text within the binary.

I have _never_ walked into a shop using QML that wasn't trying to do 
everything in JavaScript. They can hire those people for no money. All 
they know is JavaScript so that's all they use. QML just has bad design 
all over. First and foremost it does not restrict what can be done in 
JavaScript so these shops go merrily on their way putting everyone at risk.

-- 
Roland Hughes, President
Logikal Solutions
(630)-205-1593

http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog


