[Okular-devel] Security Hole -> Storing PDF Form Data

Dan Armbrust daniel.armbrust.list at gmail.com
Tue Feb 16 16:13:49 CET 2010


>>
>> This horribly conceived mis-feature to store form data sticks the form
>> data in a file other than the PDF document - and then - it doesn't
>> even put it next to, say, the PDF document being edited - it puts it
>> under ~user/.kde/share/apps/okular/docdata.
>
> What you consider a horribly conceived mis-feature is loved by lots of users.
>

Like this user?
https://bugs.kde.org/show_bug.cgi?id=202159
Or this one?
https://bugs.kde.org/show_bug.cgi?id=161327

Or any user that downloaded a form, filled it out, "saved" it, and
sent it to a coworker, only to have it appear blank to them?
You think that is a feature that is "loved" by users?  At a minimum,
it's totally confusing.

At worst, it is exposing your users' data, without their knowledge.
Today, if someone downloads a form from their bank, fills it out and
prints it - without even saving it - Okular has written the data to
disk, in clear text, in a location completely unknown to most of
Okular's users.  You really think that your users wanted their PDF
reader to do this?

Of course users want Okular to be able to save their form data.  But
the devil is in the details - and the current implementation is just a
bad design.

It would be made remarkably better by two simple changes:

1) Put a Save option in the File menu.  Do not autosave.  And ask on
exit if the file should be saved.  You know, the way that 99% of every
other user application in existence functions.  And when you do the
save, create the xml file in the same folder that contains the XML
file.  With a file name that is the same, plus an extension, or
something along those lines.

2) On the user's first save, present them a dialog box that explains
that Okular doesn't yet save data into the PDF form - it will save the
data in a second file.

The current implementation does a huge disservice to all users of
Okular.  Anyone with a concern for their customers' personal data
security would consider this a security issue that just shouldn't
exist.

Dan

