[Okular-devel] Security Hole -> Storing PDF Form Data

Albert Astals Cid aacid at kde.org
Tue Feb 16 20:29:18 CET 2010 

A Dimarts, 16 de febrer de 2010, Dan Armbrust va escriure:
> >> This horribly conceived mis-feature to store form data sticks the form
> >> data in a file other than the PDF document - and then - it doesn't
> >> even put it next to, say, the PDF document being edited - it puts it
> >> under ~user/.kde/share/apps/okular/docdata.
> > 
> > What you consider a horribly conceived mis-feature is loved by lots of
> > users.
> 
> Like this user?
> https://bugs.kde.org/show_bug.cgi?id=202159
> Or this one?
> https://bugs.kde.org/show_bug.cgi?id=161327

What's there 20 users, that's a whole lot, eh?

> 
> Or any user that downloaded a form, filled it out, "saved" it, and
> sent it to a coworker, only to have it appear blank to them?
> You think that is a feature that is "loved" by users?  At a minimum,
> its totally confusing.
> 
> At worst, it is exposing your users data, without their knowledge.
> Today, if someone downloads a form from their bank, fills it out and
> prints it - without even saving it - Okular has written the data to
> disk, in clear text, in a location completely unknown to most of
> Okulars users.  You really think that your users wanted their PDF
> reader to do this?
> 
> Of course users want Okular to be able to save their form data.  But
> the devil is in the details - and the current implementation is just a
> bad design.
> 
> It would be made remarkably better by two simple changes:
> 
> 1) Put a Save option in the File menu.  Do not autosave.  And ask on
> exit if the file should be saved.  You know, the way that 99% of every
> other user application in existence functions.  And when you do the
> save, create the xml file in the same folder that contains the XML
> file.  With a file name that is the same, plus an extension, or
> something along those lines.
> 
> 2) On the users first save, present them a dialog box that explains
> that Okular doesn't yet save data into the PDF form - it will save the
> data in a second file.
> 
> The current implementation does a huge disservice to all users of
> Okular.  Anyone with a concern for their customers personal data
> security would consider this a security issue that just shouldn't
> exist.

As i said, yes it has a lot of room for improvements, and no, noone of the 
"existing developers" has time to implement these improvements. So if you can 
code we are more than happy to discuss a plan and review your code.

Albert

> 
> Dan
> _______________________________________________
> Okular-devel mailing list
> Okular-devel at kde.org
> https://mail.kde.org/mailman/listinfo/okular-devel

More information about the Okular-devel mailing list