Data security

[Ivan Cukic]

> only solution i see, if someone decides to lock an activity is a scary
> and weird dialog that warns that all the files will have to be unlinked
> from all the other activities :/

I don't thing it is necessarily a bad solution (the other possibility 
being be to duplicate files). Obviously - it should be shown only for the 
first time to explain the process to the user.

We can leave the unencrypted activities' files in one folder like it is 
currently.

Pros:
 - no accidental duplication of files - some encrypted while the forgotten 
ones stay somewhere on the disk
 - shows the seriousness of the system - encrypted stuff shouldn't be 
shared
 - it allows us to show a disclaimer that it can never be totally secure 
against theft alongside the above mentioned first-time-usage message

Cons:
 - one feature less for the encrypted activities - documents spanning 
multiple activities.


The other alternative is to keep the spanned documents unencrypted in the 
/common area/ and explain that to the user, but this would be IMO a bad 
approach security-wise.


We can combine both approaches so that the user can choose for each 
document which solution he/she would prefer... but it would produce (IMO) 
an unnecessary UI overhead.


Ch



-- 
There are no such things as applied sciences, only applications of 
science.
  -- Louis Pasteur