Details
-
Bug
-
Resolution: Done
-
P2: Important
-
Qt Creator 2.1.0-beta2
-
None
Description
Follow up QTBUG-13775
When starting the qmlobserver, or when debugging QML, it opends a connection that is available from the outside work. A hacker could connect to that port and execute any javascript.
The user should be warned from the creator interface that opening a debug connection is insecure and that he should use a firewall.
Later on, a proper solution with a secret cookie in the debug protocol can be implemented.