[Okular-devel] Security Hole -> Storing PDF Form Data
Albert Astals Cid
aacid at kde.org
Mon Feb 15 21:24:01 CET 2010
A Dissabte, 13 de febrer de 2010, Dan Armbrust va escriure:
> Hi folks,
>
> I started to use Okular to fill out my tax forms today - it appeared
> to deal with the forms correctly. But I was rather puzzled by the
> lack of a "Save" menu option.
>
> Tried Closing and reopening the file, and my data that I entered into
> the forms was still there. Well, thats cool, I guess. But then, I
> opened the file with Adobe Acrobat, and my form data is NOT there.
> That is _not_ cool. Not only does your handling of forms not do what
> _every_ one of your users would expect it to do (store the form data
> in the document being edited)... it gets worse.
>
> This horribly conceived mis-feature to store form data sticks the form
> data in a file other than the PDF document - and then - it doesn't
> even put it next to, say, the PDF document being edited - it puts it
> under ~user/.kde/share/apps/okular/docdata.
What you consider a horribly conceived mis-feature is loved by lots of users.
>
> Hello!
Hi
> You just saved all of my tax information in a clear text document!
Yes.
>
> I keep my PDF tax forms in a TrueCrypt partition for a reason. And
> now okular, with no warning, explanation, or permission has just
> dumped all of my data in essentially a random location, as far as I'm
> concerned.
>
> This is a really really bad idea.
Okular handling of forms and annotation needs to be improved, but at the
moment noone has the time to do it, if you want you are welcome to help, after
all this list is called okular-devel and not okular-users, right?
Albert
>
> Dan
> _______________________________________________
> Okular-devel mailing list
> Okular-devel at kde.org
> https://mail.kde.org/mailman/listinfo/okular-devel
More information about the Okular-devel
mailing list