On Monday, 13 July 2020 05:30:50 PDT Roland Hughes wrote: > Let us not forget that QML+JavaScript is completely insecure in the > OpenSource world. All of that JavaScript gets stuffed into the binary > you ship as free text. Anyone with a decent text editor can read/extract > your super secret proprietary algorithms. Worse yet, anyone with enough > patience can change a binary in the field.
Then use some filesystem-level protection mechanism like dm-verity. That will prevent replacing the binaries altogether, whether done by the way of editing some text inside or by recompiling. PS: QML is usually not found in clear text inside the binary because rcc attempts to compress and text compresses really well. You need to actually reverse engineer to find the compressed text content. It's not very difficult, but it is one step up from trivial. -- Thiago Macieira - thiago.macieira (AT) intel.com Software Architect - Intel System Software Products _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest