From 334b0be3c709379018a57f7ee9d0792961bcc56f Mon Sep 17 00:00:00 2001 From: Jerome Pasion Date: Thu, 28 Aug 2025 13:21:34 +0200 Subject: [PATCH] Doc: Add security considerations page -A list of basic security topics when implementing gRPC -Add links to other modules and relevant pages. Task-number: QTBUG-138812 Pick-to: 6.9 Change-Id: I523f07cb516641771eb1457091f381a2e09b0026 Reviewed-by: Alexey Edelev Reviewed-by: Dennis Oberst (cherry picked from commit c6cd23770d449e25c594da8eaaedcca38dea96f8) Reviewed-by: Qt Cherry-pick Bot --- src/grpc/doc/qtgrpc.qdocconf | 2 +- src/grpc/doc/src/qtgrpc-index.qdoc | 1 + src/grpc/doc/src/qtgrpc-security.qdoc | 45 +++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 src/grpc/doc/src/qtgrpc-security.qdoc diff --git a/src/grpc/doc/qtgrpc.qdocconf b/src/grpc/doc/qtgrpc.qdocconf index ab0502d8..d87009ad 100644 --- a/src/grpc/doc/qtgrpc.qdocconf +++ b/src/grpc/doc/qtgrpc.qdocconf @@ -38,7 +38,7 @@ qhp.QtGrpc.subprojects.manual.title = Qt GRPC qhp.QtGrpc.subprojects.manual.indexTitle = Qt GRPC module topics qhp.QtGrpc.subprojects.manual.type = manual -depends += qtdoc qtcore qtnetwork qtwidgets qtprotobuf qtcmake qtqml qtquick qtquickcontrols +depends += qtdoc qtcore qtnetwork qtwidgets qtprotobuf qtcmake qtqml qtquick qtquickcontrols qtnetworkauth {headerdirs,sourcedirs} += .. \ ../../grpcquick diff --git a/src/grpc/doc/src/qtgrpc-index.qdoc b/src/grpc/doc/src/qtgrpc-index.qdoc index b319c400..ffe4de31 100644 --- a/src/grpc/doc/src/qtgrpc-index.qdoc +++ b/src/grpc/doc/src/qtgrpc-index.qdoc @@ -81,6 +81,7 @@ \list \li \l{clientguide} {Qt GRPC Client Guide} \li \l{CMake Commands in Qt6 GRPC} + \li \l{Qt GRPC Security Considerations} \endlist \section1 References diff --git a/src/grpc/doc/src/qtgrpc-security.qdoc b/src/grpc/doc/src/qtgrpc-security.qdoc new file mode 100644 index 00000000..918b1d44 --- /dev/null +++ b/src/grpc/doc/src/qtgrpc-security.qdoc 
@@ -0,0 +1,45 @@
+// Copyright (C) 2025 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only
+
+/*!
+ \page qtgrpc-security.html
+ \title Qt GRPC Security Considerations
+
+ \brief Security considerations for Qt GRPC
+
+ If you are using \l{Qt GRPC}, consider security aspects
+ to protect users, network traffic, and hardware from threats.
+
+ Here are some strategies to consider:
+ \list
+ \li Use encryption when sending or receiving data. Encrypted data
+ adds protection against eavesdropping and similar attacks.
+ \l{Qt Network} provides support for TLS encryption which can use
+ different TLS backends and ciphers. For more information, see
+ \l{Secure Sockets Layer (SSL) Classes}.
+
+ \li Use strong authentication and authorization mechanisms.
+ To accommodate different users on different platforms, you may choose
+ to use several OAuth2 and OpenID-based services. Qt offers support
+ for these APIs through the \l{Qt Network Authorization} module.
+
+ \li Validate and process untrusted data safely. Input fields and other
+ incoming data are vulnerable to injection attacks.
+ For more information, see \l{Handling Untrusted Data}.
+
+ \li Set rate limits and monitor traffic to prevent misuse.
+ Qt GRPC can be vulnerable to denial-of-service attacks and setting
+ limits and thorough testing can help with reducing the risk of
+ traffic overload.
+
+ \li Update your environment to fix security vulnerabilities.
+ System hardware should be updated to use the latest security features
+ and fixes.
+ \endlist
+
+ For more information about using Qt GPRC, visit the
+ \l{Qt GRPC Client Guide}.
+
+ For other security topics, visit the \l{Security in Qt} page.
+
+*/