问题
I'm wondering whether it is safe to place passwords directly in the Dart code like below. Does Flutter remove the code when compiling it for release? Of course I want to make sure that the code cannot be decompiled such that the username and password can be extracted.
bool get isInDebugMode {
bool inDebugMode = false;
assert(inDebugMode = true);
return inDebugMode;
}
if(inDebugMode){
emailController.text = 'random@email.com';
passwordController.text = 'secret';
}
回答1:
Tree-shaking removes that code when inDebugMode is a const value.
"safe" is a strong word for that though even when tree-shaking removes the code.
You could make a mistake that causes tree-shaking to retain the code.
You probably commit the code to a CVS repo.
...
You can use
- a const value
const bool isProduction = bool.fromEnvironment('dart.vm.product');
if(isProduction) {
...
}
different
lib/main.dartfiles withflutter run -t lib/debug_main.dartor the assert method as mentioned (see also How to exclude debug code)
回答2:
The code you provided won't be tree-shaked. As isInDebugMode isn't a constant.
Instead you can use an assert this way:
assert(() {
emailController.text = 'random@email.com';
passwordController.text = 'secret';
return true;
}());
来源:https://stackoverflow.com/questions/53225385/does-flutter-remove-debug-mode-code-when-compiling-for-release