[Interest] rebooted QtWebKit for Qt4??
Thiago Macieira
thiago.macieira at intel.com
Mon Jul 13 17:38:32 CEST 2020
On Monday, 13 July 2020 05:30:50 PDT Roland Hughes wrote:
> Let us not forget that QML+JavaScript is completely insecure in the
> OpenSource world. All of that JavaScript gets stuffed into the binary
> you ship as free text. Anyone with a decent text editor can read/extract
> your super secret proprietary algorithms. Worse yet, anyone with enough
> patience can change a binary in the field.
Then use some filesystem-level protection mechanism like dm-verity.
That will prevent replacing the binaries altogether, whether done by the way
of editing some text inside or by recompiling.
PS: QML is usually not found in clear text inside the binary because rcc
attempts to compress and text compresses really well. You need to actually
reverse engineer to find the compressed text content. It's not very difficult,
but it is one step up from trivial.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Interest
mailing list