 |
 |
> > On Dec 2, 2023, at 9:52 AM, charles meyer <[log in to unmask]> wrote: > > Thank you Erich and Thomas. > > I now have a better understanding of QR codes. > > Is there something I can do to protect the "text" in my QR code? Not really. A QR code is just a way to encode information. In this case, it’s a URL, so you sort of have two bits of text (the URL, vs the content at the URL) > You can imagine how some fraudster might want to manulute or misuse it? If they’re trying to change your information, for the case where it’s a URL pointing to a website they could try to hack the website or screw with name arrive to try to serve alternate information, but you have to ask what the payoff is for doing this. If it’s some big name company or government agency, maybe there’s reason to do it… for the average person, likely not. You could of course do something like encode a full vCard in the QR code, but then that means you need to give everyone a new QR code when any of the information changes, so it removes the ability to have an ‘active’ page of information. > Can I pw protect it? you can password protect the website that it’s pointing to, but that likely defeats the purpose of having a QR code in the first place. > It might seem cool one day to be able to add graphics (logo) and a live > link to the QR code but with that comes vulnerabilities. If it’s an online QR code, yes, that introduces the ability to attack the image… but if it’s online, you might as well just have a regular link (which could also be attacked), unless the goal is for someone to be able to view the page on one device (TV, desktop), and then easily transfer the information to their phone. And technically, the digital image itself has the possibility of being an attack vector, as there have been JPEG Library exploits out there. (I had to shut down the server that hosted our project’s ticket tracking software because someone had uploaded an image that said ‘I hacked your machine’, and NASA security insisted that we had been hacked, but it was because you could attach a screen shot with your trouble ticket… but months later, after I had rebuilt the server (from original media, re-hardened it, reconfigured everything, went through the authority to operate procedures, reloaded the data, waited for the shuttle to come down (as no network changes allowed when it was up), got everything back online, etc… then months later a virus scanner flagged the uploaded file (in a backup partition) as being a Trojan horse) And adding images to the QR code is no big deal… there are specifications for doing so, you just need to find a QR code generator that supports it. -Joe (Still no affiliation) (Unless you could volunteer stuff that has absolutely nothing to do with programming and/or libraries)