Doc: Add security considerations page

-A list of basic security topics when implementing gRPC -Add links to other modules and relevant pages. Task-number: QTBUG-138812 Pick-to: 6.9 Change-Id: I523f07cb516641771eb1457091f381a2e09b0026 Reviewed-by: Alexey Edelev <alexey.edelev@qt.io> Reviewed-by: Dennis Oberst <dennis.oberst@qt.io> (cherry picked from commit c6cd23770d) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2025-08-28 13:21:34 +02:00 · 2025-08-28 13:21:34 +02:00 · 334b0be3c7
parent 0fdf272845
commit 334b0be3c7
3 changed files with 47 additions and 1 deletions
--- a/src/grpc/doc/qtgrpc.qdocconf
+++ b/src/grpc/doc/qtgrpc.qdocconf
@ -38,7 +38,7 @@ qhp.QtGrpc.subprojects.manual.title = Qt GRPC
 qhp.QtGrpc.subprojects.manual.indexTitle = Qt GRPC module topics
 qhp.QtGrpc.subprojects.manual.type = manual

-depends += qtdoc qtcore qtnetwork qtwidgets qtprotobuf qtcmake qtqml qtquick qtquickcontrols
+depends += qtdoc qtcore qtnetwork qtwidgets qtprotobuf qtcmake qtqml qtquick qtquickcontrols qtnetworkauth

 {headerdirs,sourcedirs}  += .. \
                            ../../grpcquick
--- a/src/grpc/doc/src/qtgrpc-index.qdoc
+++ b/src/grpc/doc/src/qtgrpc-index.qdoc
@ -81,6 +81,7 @@
    \list
        \li \l{clientguide} {Qt GRPC Client Guide}
        \li \l{CMake Commands in Qt6 GRPC}
+        \li \l{Qt GRPC Security Considerations}
    \endlist

    \section1 References
--- a/src/grpc/doc/src/qtgrpc-security.qdoc
+++ b/src/grpc/doc/src/qtgrpc-security.qdoc
@ -0,0 +1,45 @@
+// Copyright (C) 2025 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only
+
+/*!
+    \page qtgrpc-security.html
+    \title Qt GRPC Security Considerations
+
+    \brief Security considerations for Qt GRPC
+
+    If you are using \l{Qt GRPC}, consider security aspects
+    to protect users, network traffic, and hardware from threats.
+
+    Here are some strategies to consider:
+    \list
+    \li Use encryption when sending or receiving data. Encrypted data
+        adds protection against eavesdropping and similar attacks.
+        \l{Qt Network} provides support for TLS encryption which can use
+        different TLS backends and ciphers. For more information, see
+        \l{Secure Sockets Layer (SSL) Classes}.
+
+    \li Use strong authentication and authorization mechanisms.
+        To accommodate different users on different platforms, you may choose
+        to use several OAuth2 and OpenID-based services. Qt offers support
+        for these APIs through the \l{Qt Network Authorization} module.
+
+    \li Validate and process untrusted data safely. Input fields and other
+        incoming data are vulnerable to injection attacks.
+        For more information, see \l{Handling Untrusted Data}.
+
+    \li Set rate limits and monitor traffic to prevent misuse.
+        Qt GRPC can be vulnerable to denial-of-service attacks and setting
+        limits and thorough testing can help with reducing the risk of
+        traffic overload.
+
+    \li Update your environment to fix security vulnerabilities.
+        System hardware should be updated to use the latest security features
+        and fixes.
+    \endlist
+
+    For more information about using Qt GPRC, visit the
+    \l{Qt GRPC Client Guide}.
+
+    For other security topics, visit the \l{Security in Qt} page.
+
+*/