[RFC] Security and Features in KPDF
Anders Lund
anders at alweb.dk
Mon Jan 3 22:23:32 GMT 2005
On Monday 03 January 2005 21:46, Enrico Ros wrote:
> Well, that's oversemplified. We all agree that the action might be
> dangerous. And in fact the dialog can be like this:
>
> http://www.dei.unipd.it/~rosenric/temp/before.png
>
> Notice 'cancel' focused. So the user has to read the advistoy; we have the
> disclaimer; he/she has to click on the checkbox and then:
>
> http://www.dei.unipd.it/~rosenric/temp/after.png
For one thing, this is misuse of the checkbox widget. The state of a checkbox
in a dialog is noramlly decisive for how the application behaves *after the
dialog has been closed*. To show additional content on a dialog, it's common
to us a button with a double arrow folowing the button text, like
[ More Options >> ]
If the mission is to help possibly unexperienced users, we should definately
not mess with widget usage :)
In this case, maybe a widget in the wizzard style would be better -- press
'Continue' and see the command. After all the purpose is to slow down the
user and cause him to thing carefully.
Of cause the coolness factor of clicking a link in a presentation and have a
command immediately executed vanishes, but hey -- that is why we have
specialized presenttaion programs isn't it? (or do those just present us with
the exact same security issue - you can download presentations from the
internet as well?)
Maybe we should only execute commands from a file that is signed with a valid,
approved certificate or a trusted pgp key?
FWIW: My mother, who is a unexperienced computer user, reads dialog texts, and
hates when they are unclear. Since this sort of warning is helpfull to her, I
allways feel embarrassed on her [still windows] PC's behalf when it displays
nonsense, which is unfortunately often.
-anders
--
Homepage: http://www.alweb.dk
Jabber address: anderslund at jabber.dk
More information about the kde-core-devel
mailing list