external link in KPDF

[Bertrand Haut]

Hi,

>some times ago there was an implementation for KPDF which allows to
>execute an application which is specified in the PDF document.
>
>The implementation was criticized by some developers because of security
>concerns.

I unearth this old thread
http://lists.kde.org/?l=kde-core-devel&m=110470798901386&w=2
in the hope that this very usefull feature may comeback in kpdf. 

Apparently the main issue was the potential security problem and the fact that 
some users which don't read/understand the popup dialogs must be protected. I 
think a simple way to tacke this problem is the following:
- By default the execution of external link is not allowed and a dialog warn 
the user that the command is not executed (like now).
- The user can activate an option deep in the menus (something like 
Settings->configure kpdf->Security) where the potential security problem is 
clearly stated. When this option is checked, each time the user click on a 
link, a confirmation box with the command is presented to the user.

With this scheme, the basic users never see a question so they can't make a 
big mistake. Since this feature is seldom used, there is no reason for the 
distributions to change the default settings.

This feature is, in some case, very usefull. I'm currently building a 
presentation and, at the middle of the presentation, I want to launch a 
simulation to illustrate what I'm saying. I'm unable to use kpdf to make my 
presentation. The only way to operate is to use the old xpdf.

In the hope to see back this feature,
-- 
Bertrand Haut
ICQ:48978874
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20061124/5580ac7c/attachment.sig>