[RFC] Security and Features in KPDF

Anders Lund anders at alweb.dk
Mon Jan 3 22:23:32 GMT 2005

On Monday 03 January 2005 21:46, Enrico Ros wrote:
> Well, that's oversemplified. We all agree that the action might be
> dangerous. And in fact the dialog can be like this:
> http://www.dei.unipd.it/~rosenric/temp/before.png
> Notice 'cancel' focused. So the user has to read the advistoy; we have the
> disclaimer; he/she has to click on the checkbox and then:
> http://www.dei.unipd.it/~rosenric/temp/after.png

For one thing, this is misuse of the checkbox widget. The state of a checkbox 
in a dialog is noramlly decisive for how the application behaves *after the 
dialog has been closed*. To show additional content on a dialog, it's common 
to us a button with a double arrow folowing the button text, like 
	[ More Options >> ]

If the mission is to help possibly unexperienced users, we should definately 
not mess with widget usage :)

In this case, maybe a widget in the wizzard style would be better -- press 
'Continue' and see the command. After all the purpose is to slow down the 
user and cause him to thing carefully.

Of cause the coolness factor of clicking a link in a presentation and have a 
command immediately executed vanishes, but hey -- that is why we have 
specialized presenttaion programs isn't it? (or do those just present us with 
the exact same security issue - you can download presentations from the 
internet as well?)

Maybe we should only execute commands from a file that is signed with a valid, 
approved certificate or a trusted pgp key?

FWIW: My mother, who is a unexperienced computer user, reads dialog texts, and 
hates when they are unclear. Since this sort of warning is helpfull to her, I 
allways feel embarrassed on her [still windows] PC's behalf when it displays 
nonsense, which is unfortunately often.

Homepage: http://www.alweb.dk
Jabber address: anderslund at jabber.dk

More information about the kde-core-devel mailing list