[Interest] Interest Digest, Vol 106, Issue 12
Roland Hughes
roland at logikalsolutions.com
Mon Jul 13 17:19:30 CEST 2020
On 7/13/20 10:10 AM, interest-request at qt-project.org wrote:
> Il 13/07/20 14:30, Roland Hughes ha scritto:
>> Let us not forget that QML+JavaScript is completely insecure in the
>> OpenSource world. All of that JavaScript gets stuffed into the binary
>> you ship as free text. Anyone with a decent text editor can read/extract
>> your super secret proprietary algorithms. Worse yet, anyone with enough
>> patience can change a binary in the field.
> If you have the source, then why do you need to bother with extracting
> binaries?
>
>
> If you meant in the*non* opensource world, then:
>
> 1) the QML compiler has been a reality for a number of years;
>
> 2) your "super secret" algorithms belong to C++, not to QML, so using or
> not using QML doesn't change the equation. And, you can obfuscate the
> JavaScript code used by your QML part.
>
>
> My 2 c,
No. I mean the binary you ship in your medical device built with the
OpenSource Qt using QML+JavaScript (because that's the lowest cost
worker) has all of that JavaScript in free text within the binary.
I have _never_ walked into a shop using QML that wasn't trying to do
everything in JavaScript. They can hire those people for no money. All
they know is JavaScript so that's all they use. QML just has bad design
all over. First and foremost it does not restrict what can be done in
JavaScript so these shops go merrily on their way putting everyone at risk.
--
Roland Hughes, President
Logikal Solutions
(630)-205-1593
http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog
More information about the Interest
mailing list