On 7/13/20 10:10 AM, interest-requ...@qt-project.org wrote:
Il 13/07/20 14:30, Roland Hughes ha scritto:
Let us not forget that QML+JavaScript is completely insecure in the
OpenSource world. All of that JavaScript gets stuffed into the binary
you ship as free text. Anyone with a decent text editor can read/extract
your super secret proprietary algorithms. Worse yet, anyone with enough
patience can change a binary in the field.
If you have the source, then why do you need to bother with extracting
binaries?
If you meant in the*non* opensource world, then:
1) the QML compiler has been a reality for a number of years;
2) your "super secret" algorithms belong to C++, not to QML, so using or
not using QML doesn't change the equation. And, you can obfuscate the
JavaScript code used by your QML part.
My 2 c,
No. I mean the binary you ship in your medical device built with the
OpenSource Qt using QML+JavaScript (because that's the lowest cost
worker) has all of that JavaScript in free text within the binary.
I have _never_ walked into a shop using QML that wasn't trying to do
everything in JavaScript. They can hire those people for no money. All
they know is JavaScript so that's all they use. QML just has bad design
all over. First and foremost it does not restrict what can be done in
JavaScript so these shops go merrily on their way putting everyone at risk.
--
Roland Hughes, President
Logikal Solutions
(630)-205-1593
http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
