[Okular-devel] Security Hole -> Storing PDF Form Data
Dan Armbrust
daniel.armbrust.list at gmail.com
Sun Feb 14 00:43:13 CET 2010
Hi folks,
I started to use Okular to fill out my tax forms today - it appeared
to deal with the forms correctly. But I was rather puzzled by the
lack of a "Save" menu option.
Tried Closing and reopening the file, and my data that I entered into
the forms was still there. Well, thats cool, I guess. But then, I
opened the file with Adobe Acrobat, and my form data is NOT there.
That is _not_ cool. Not only does your handling of forms not do what
_every_ one of your users would expect it to do (store the form data
in the document being edited)... it gets worse.
This horribly conceived mis-feature to store form data sticks the form
data in a file other than the PDF document - and then - it doesn't
even put it next to, say, the PDF document being edited - it puts it
under ~user/.kde/share/apps/okular/docdata.
Hello! You just saved all of my tax information in a clear text document!
I keep my PDF tax forms in a TrueCrypt partition for a reason. And
now okular, with no warning, explanation, or permission has just
dumped all of my data in essentially a random location, as far as I'm
concerned.
This is a really really bad idea.
Dan
More information about the Okular-devel
mailing list