[Okular-devel] [Bug 267350] filling out a PDF form saves data to some file in ~/.kde/share/apps/okular/docdata/

Duncan 1i5t5.duncan at cox.net
Tue Jan 17 00:39:57 GMT 2012


Kevin Krammer posted on Sun, 15 Jan 2012 18:08:31 +0100 as excerpted:

> On Sunday, 2012-01-15, Dan Armbrust wrote:
>> > Hmm. Most software with autocompletion support does that. E.g.
>> > browsers, email programs.
>> 
>> They also ask your permission first.
> 
> Interesting. Neither Konqueror, Firefox, KMail or Thunderbird have asked
> me whether I wanted to store form data.
> Can you attach a screenshot of an application asking that?

I don't know about asking, but it's a preferences setting.  There's also 
the "private browsing" or whatever the app decides to call it, mode, 
where everything (cookies, form completion, browsing history, etc) is 
forgotten, tho that normally has to be specifically toggled on.

While I consider this a good thing and would appreciate the option in 
okular as well, it's not something that fits well with the previously 
chosen example of a public kiosk, library computer, or other shared 
computer (my folks worked at a mission in El Salvador for a while; 
everybody shared the same computer and could read email, etc, unless it 
was web-based, but of course then if the browser is set to save cookies 
and remember form-fills...), since in most cases it doesn't 
prompt every time, a user accustomed to using a private computer and not 
worrying about it isn't likely to realize the danger and verify settings 
on a public computer, either.

I wonder how many facebook/myspace/twitter/etc users have had their 
accounts hacked simply thru use of a friend's computer or one at the 
library, and being careless about the "remember me" settings, etc, that 
most sites have (that usually control the site's cookie settings) on 
their logins?  Not to mention banks...  Sure, a responsible kiosk 
operator will have set up responsible settings, but then again, it could 
be argued that a responsible kiosk operator would wipe or entirely reimage 
between users, as well.  There's a lot of users caught-out that way, I'm 
sure.

So yes, I agree an option would be nice, and having a clear-data function 
would be EXCELLENT, but I don't believe the kiosk example was 
particularly apropos, given the commonly accepted behavior of most 
browsers, etc, extended to the same kiosk example.  

>> And they have an off switch.
>> And, they definitely don't autocomplete fields which are known to
>> contain private info - aka - passwords.  Unless you go through another
>> dialog telling it to remember the password.  And they give you a menu
>> option to clear it.  And, most browsers now have a "don't remember
>> anything" mode.
>>  Okular has none of those.
> 
> Right, hence the recommendation to lobby for an implementation doing
> that.

Actually, I wonder if this idea could get a bit more traction in view of 
the new ksecrets thing?  That'd play off the whole fascination with the 
new and shiny technology thing, instead of being seen as the drudge-work 
that hooking up to kwallet or just implementing an ordinary don't-save 
option and clear-saved button would be.

That's where I'd try to take it at this point, since ksecrets IS new and 
shiny and fascinating! =:^)

>> > However I don't see any facts supporting the claim of "virus like
>> > behavior".
>> 
>> Hiding users' data without permission and without the users' knowledge
>> certainly is virus like behavior.
> 
> No, virus behavior is attaching itself with the purpose of distribution
> and spreading.
> I don't think Okular is doing either.

It seems he's using "virus" not in the technically narrow "virus" sense, 
but in the broader "malware" sense, inclusive of trojans, etc.  While 
okular really can't be considered a virus in the technically narrow sense 
(as you pointed out), certainly, the argument here is that it's behaving 
like a trojan, so if one accepts an extremely fuzzy definition of virus 
that really means something more like malware in general.  While I would 
have certainly chosen "malware" or "trojan" instead of "virus", here, 
with a suitably fuzzy definition, I do see his point.

That said, while I see his position and certainly agree that a don't save 
data option and clear saved data button would be useful, I certainly 
don't consider it a problem on the order of, say, konqueror not having 
proper security certificate management for two years after kde was 
declared ready for ordinary users with 4.2... (finally fixed in 4.6, IIRC) 
in an era with both internet banking and the compromise of entire 
certificate authorities!  That was a FAR more serious breach of the 
public trust, IMO, while this one's an "it would be nice" thing, a rather 
vast difference in priority.  As I've stated before, the "it's only a 
toy, use a real browser if it matters" attitude toward konqueror is one 
of the big reasons I switched to firefox.

>> > I would recommend lobbying for secure storage of form completion data
>> > like other form completing programs do.
>> 
>> I doubt it would help.
> 
> I wouldn't be so sure.

Same here, particularly with the new ksecrets angle to explore.  If I 
were an okular dev I think I might jump on this one just for the 
opportunity to play with that!  =:^)

Of course, since ksecrets is itself rather immature at this point, taking 
that approach could mean no real fix until 4.9 or 4.10, but given the 
time it has been already, and the priority I've already stated I rank 
this as, that's certainly better than not seeing the feature at all!



BTW, Kevin, any wild guess or informed opinion on how long kde4 will 
continue with the semi-annual feature updates, given kde5 in the wings?

My WAG is that 4.9's reasonably safe on a six-month cycle, but that the 
focus on kde4 might be rather less after that, and that while it's 
reasonably likely there will be a 4.10, I suspect that we might not see a 
4.11, that 4.10 might slip from six months to say 9 months from 4.9, and 
that the monthly bugfix updates will similarly slip to 2-3 months around 
the same time period, with devs focusing then on kde5.

As such, as soon as I start using double-digit minors, I begin to wonder 
if say 4.11 and beyond is looking ridiculous and it'll be 5.x by then 
instead.

Of course as others have said, I expect kde5 to be a rather minor deal 
compared to kde4, and that it'll be handled rather better.  But I just 
wonder every time I put something a year or more off, thus 4.10 timeframe 
or beyond, and wonder how your of course very tentative at this point 
speculation compares to mine.  Note that I'm **NOT** asking for a 5.0 
release date prediction, since the above assumes a stretching out of the 
4.x releases schedule as the devs naturally focus more on kde5, and I 
/do/ hope and expect that (unlike kde3) kde4 bugfix releases at least, 
will continue for a while after kde5 release, altho at a much slowed down 
rate, maybe 2-3 such 4.10.x releases after 5.0... at say six month 
intervals compared to the current monthly, thus yielding a couple years 
of overlapped support to help avoid an early 4.x repeat.

Does that sound reasonable, or are there bad assumptions there, such that 
we're likely to see a 4.11 and 4.12 at the current schedule, or OTOH, 
won't get to 4.10?

Any guess on wayland support?  Maybe not for 4.x but for 5.x?  If so, do 
you think it'll make 5.0?

> Hmm. I haven't used Okular's implementation yet but generally I find
> form completion support to be rather useful. I used it all the time
> when filling in web forms or completing email addresses.

++  =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.



