Back to Doc.qt.io
Contact Us Blog Download Qt

Qt GRPC Security Considerations

If you are using Qt GRPC, consider security aspects to protect users, network traffic, and hardware from threats.

Here are some strategies to consider:

  • Use encryption when sending or receiving data. Encrypted data adds protection against eavesdropping and similar attacks. Qt Network provides support for TLS encryption which can use different TLS backends and ciphers. For more information, see Secure Sockets Layer (SSL) Classes.
  • Use strong authentication and authorization mechanisms. To accommodate different users on different platforms, you may choose to use several OAuth2 and OpenID-based services. Qt offers support for these APIs through the Qt Network Authorization module.
  • Validate and process untrusted data safely. Input fields and other incoming data are vulnerable to injection attacks. For more information, see Handling Untrusted Data.
  • Limit the maximum incoming message size. By default, QtGrpc rejects incoming messages larger than 4 MiB (matching the gRPC specification). The limit applies to the decoded gRPC frame payload after transport-level decryption and any per-message decompression. You can raise, lower, or remove this limit per channel or per individual RPC using QGrpcChannelOptions::setMaximumReceiveMessageSize() or QGrpcCallOptions::setMaximumReceiveMessageSize(). A value of 0 disables the QtGrpc receive size limit; the effective maximum size is then determined by the underlying channel implementation. The environment variable QT_GRPC_MAXIMUM_RECEIVE_MESSAGE_SIZE sets a global fallback used only when no C++ option is configured. The value is sampled once per channel construction.
  • Set rate limits and monitor traffic to prevent misuse. Qt GRPC can be vulnerable to denial-of-service attacks and setting limits and thorough testing can help with reducing the risk of traffic overload.
  • Update your environment to fix security vulnerabilities. System hardware should be updated to use the latest security features and fixes.

For more information about using Qt GPRC, visit the Qt GRPC Client Guide.

For other security topics, visit the Security in Qt page.

© 2026 The Qt Company Ltd. Documentation contributions included herein are the copyrights of their respective owners. The documentation provided herein is licensed under the terms of the GNU Free Documentation License version 1.3 as published by the Free Software Foundation. Qt and respective logos are trademarks of The Qt Company Ltd. in Finland and/or other countries worldwide. All other trademarks are property of their respective owners.