
Is it possible to edit embedded resources in a Qt application?

I'm using the Qt resource system to store images used in the GUI and encrypted passwords of a database. I want to store passwords and let users change them. The application should be able to remember passwords. So I would like to store a newly created encrypted password in the application itself (the same way as resources are embedded).

Currently I'm saving the password file in the application resources at compile time, and after compilation the password is unchangeable.

sorush-r asked Nov 19 '25 09:11



1 Answer

What you're trying to do is very bad style. An application should never need to modify its own executable. In a well-administered system, users of applications can't write to the installation directory anyway. Use QSettings, that's what it's for. You can store it in an .ini file instead of the registry if you really wish to do so.

Make sure that for passwords you use a one-way function -- a cryptographically strong hash, not encryption. Encryption is two-way by definition: you can encrypt, and then decrypt. If you consider yourself a professional, you won't ever want to use the word encryption interchangeably with one-way function (a hash). They are very different things, and you will, and should, get scolded -- how would I know what you really mean, whether you're merely loose with your language, or proposing something inherently unsafe.

With passwords, you never ever want to allow decryption. If someone supplies a password to check, you encrypt, then compare encrypted versions. That way it's hard to recover the original password (likely used by Vinnie in the H.R. for her Facebook account and for boss's company bank account, too). Make sure that you salt your hash to prevent rainbow table attacks. You probably should ensure you know what you are doing: educate yourself in that area. No one is born with it. Let's avert yet another home-baked unsafe password scheme... there's too many of them, done by people who think that without knowing anything about the subject, they will, somehow, produce a reasonably secure application. Reality, alas, cannot be fooled here, and not knowing usually means someone who does know will, eventually, look at your code (perhaps reverse engineer it), and ridicule it... End rant.

Kuba hasn't forgotten Monica answered Nov 22 '25 04:11

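The scheme the answer describes (a salted one-way hash kept in a settings file outside the executable), as an added example that is not part of the original answer. It is written in Python so it runs without Qt; the ini file stands in for QSettings, and the function names, the `auth/<user>` section layout and the PBKDF2 iteration count are assumptions.

```python
import configparser, hashlib, hmac, os, tempfile

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def _derive(password, salt, iterations):
    # One-way and deliberately slow: there is no function that reverses this.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def _load(ini_path):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(ini_path)  # a missing file simply yields an empty config
    return cfg

def set_password(ini_path, user, password, iterations=ITERATIONS):
    """Create or change a password: only salt, cost and hash reach the disk."""
    cfg = _load(ini_path)
    salt = os.urandom(16)  # fresh random salt on every change defeats rainbow tables
    cfg["auth/" + user] = {
        "iterations": str(iterations),
        "salt": salt.hex(),
        "hash": _derive(password, salt, iterations).hex(),
    }
    # Written to a user-writable settings file, never to the executable.
    fd = os.open(ini_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        cfg.write(fh)

def check_password(ini_path, user, candidate):
    """Re-derive from the candidate and compare hashes in constant time."""
    cfg = _load(ini_path)
    if not cfg.has_section("auth/" + user):
        return False
    rec = cfg["auth/" + user]
    digest = _derive(candidate, bytes.fromhex(rec["salt"]), rec.getint("iterations"))
    return hmac.compare_digest(digest, bytes.fromhex(rec["hash"]))

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "myapp.ini")  # constructed sample location
    set_password(path, "alice", "correct horse")          # constructed sample credentials
    print(check_password(path, "alice", "correct horse"))
    print(check_password(path, "alice", "wrong guess"))
    set_password(path, "alice", "battery staple")         # user changes the password
    print(check_password(path, "alice", "correct horse"))
```

In a Qt application the same shape maps onto QSettings for storage and `QPasswordDigestor::deriveKeyPbkdf2` (Qt 5.12 and later) for the derivation.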


