[Bug 299987] Automatically accept file transfers

[Martin Klapetek]

https://bugs.kde.org/show_bug.cgi?id=299987

--- Comment #9 from Martin Klapetek <martin.klapetek at gmail.com> ---
> Skype allows you to do that, and I think it's quite useful when you are away 
> (because you cannot accept it) or when you are busy (because you don't 
> want dialogs disturbing you.

The other thing is - who sends files without communicating by chat first and
getting confirmation from the other side ("sure, send it")?

> I don't see a big security risk, the option will be disabled by default and the 
> file is not run, is just saved... 

Getting the file inside the computer is the first thing ;)

> And by the way, did anyone ever reject a file transfer from one of his 
> contacts?

I believe you cannot generalize this. I have ~150 contacts on GTalk, half of
which I don't know personally but I have them there because G+ adds everybody
automatically. So if some of these people would send me some file, I would most
probably deny it. 

Actually thinking about it - with the auto-accept enabled only when away it's
even worse. Suppose you have some contact in your list (even a bot/virus), who
wants to do damage to your machine. He knows when you are away (either sees you
or by other means), so he just waits until you're away and then send you a
file, which could be a malicious file and by auto-accepting it it will get it
through to your computer. There's still a possibility of some remote
access/hijacking all this. And this would all happen while you're away from
your computer, not knowing anything that's going on.

> We should have some way to let the ft-handler know that the channel was 
> automatically accepted and that it should just rename the file without 
> asking.
>Any idea about how to do it?

I think we're doing something similar with the text channel - we're passing
some window state hints. David?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.