[Okular-devel] Security Hole -> Storing PDF Form Data
Albert Astals Cid
aacid at kde.org
Tue Feb 16 20:29:18 CET 2010
A Dimarts, 16 de febrer de 2010, Dan Armbrust va escriure:
> >> This horribly conceived mis-feature to store form data sticks the form
> >> data in a file other than the PDF document - and then - it doesn't
> >> even put it next to, say, the PDF document being edited - it puts it
> >> under ~user/.kde/share/apps/okular/docdata.
> >
> > What you consider a horribly conceived mis-feature is loved by lots of
> > users.
>
> Like this user?
> https://bugs.kde.org/show_bug.cgi?id=202159
> Or this one?
> https://bugs.kde.org/show_bug.cgi?id=161327
What's there 20 users, that's a whole lot, eh?
>
> Or any user that downloaded a form, filled it out, "saved" it, and
> sent it to a coworker, only to have it appear blank to them?
> You think that is a feature that is "loved" by users? At a minimum,
> its totally confusing.
>
> At worst, it is exposing your users data, without their knowledge.
> Today, if someone downloads a form from their bank, fills it out and
> prints it - without even saving it - Okular has written the data to
> disk, in clear text, in a location completely unknown to most of
> Okulars users. You really think that your users wanted their PDF
> reader to do this?
>
> Of course users want Okular to be able to save their form data. But
> the devil is in the details - and the current implementation is just a
> bad design.
>
> It would be made remarkably better by two simple changes:
>
> 1) Put a Save option in the File menu. Do not autosave. And ask on
> exit if the file should be saved. You know, the way that 99% of every
> other user application in existence functions. And when you do the
> save, create the xml file in the same folder that contains the XML
> file. With a file name that is the same, plus an extension, or
> something along those lines.
>
> 2) On the users first save, present them a dialog box that explains
> that Okular doesn't yet save data into the PDF form - it will save the
> data in a second file.
>
> The current implementation does a huge disservice to all users of
> Okular. Anyone with a concern for their customers personal data
> security would consider this a security issue that just shouldn't
> exist.
As i said, yes it has a lot of room for improvements, and no, noone of the
"existing developers" has time to implement these improvements. So if you can
code we are more than happy to discuss a plan and review your code.
Albert
>
> Dan
> _______________________________________________
> Okular-devel mailing list
> Okular-devel at kde.org
> https://mail.kde.org/mailman/listinfo/okular-devel
More information about the Okular-devel
mailing list