[Okular-devel] [Bug 267350] filling out a PDF form saves data to some file i ~/.kde/share/apps/okular/docdata/

Albert Astals Cid aacid at kde.org
Tue Jan 10 07:46:45 UTC 2012


El Dilluns, 9 de gener de 2012, a les 15:57:01, Dan Armbrust va escriure:
> On Wed, Jan 4, 2012 at 11:26 PM,  <jordonwii at gmail.com> wrote:
> > https://bugs.kde.org/show_bug.cgi?id=267350
> >
> >--- Comment #1 from Jackson Peacock <pickled kde pepperedpeacock org> 
> >2011-04-04 03:11:36 --- I just noticed the same issue. I had stored some
> >filled out forms on an encrypted drive. I ran into a bug where the fields
> >I entered didn't weren't being displayed after being saved (not even an
> >empty field). I figured the file had been corrupted so I copied the
> >original blank form over the filled out one. When I opened it all the
> >information I had entered into the form was there despite the file having
> >been overwritten. After looking around I found it had been written to
> >.kde/share/apps/okular/docdata - on an unencrypted drive. This was quite
> >startling to me and not what I expected.
> >
> >I can understand if there are limitations to the PDF format that prevent
> >you from storing the data in the PDF file itself, however you should at
> >least inform the user of where the data is being stored before writing
> >it. Preferably, it should be stored in the same directory as the PDF as
> >well.
> >
> >--- Comment #2 from Jackson Peacock <pickled kde pepperedpeacock org> 
> >2011-04-10 20:04:21 --- Another limitation of doing it this way is that
> >it appears impossible to have multiple copies of the same form filled out
> >differently, even if saved in different directories. For example, I
> >filled out my tax forms, and then created a new directory with the copied
> >blank forms to do my girlfriend's taxes. However, when I opened them they
> >had my value stored in them.
> >
> >The workaround was to rename the forms and then edit them, but it would
> >match user expectations better if each copy of the form had it's own set
> >of values.
> >
> >Finally, I do think the priority on this bug should be higher as it
> >relates to user privacy/security.
> >
> > --- Comment #3 from  <jordonwii gmail com>  2012-01-05 05:26:15 ---
> > Agree with #2. I know the devs are aware of this because there are other
> > issues regarding the opening files and having the form remain being
> > filled out (intentional feature). However, unsure if they are aware of
> > the security implications of this. Developers have any comment?
> 
> I, and several others have pointed this out to the developers of
> okular nearly 2 years ago.
> 
> They are blind, naive, and dare I say foolish. 

You would not dare to say this in my face, so in the future do yourself a 
favour and next time you write an email think if you would say the things you 
are writing in person.

And since you're being agressive you are not worth an answer, or are you of 
that part of people that think than insulting someone will get you a better 
treatment than not insulting him?

Cheers,
  Albert

> They call this a
> "feature" and refuse to acknowledge that it creates security holes all
> over the place.  They have shown no desire to even take the report
> seriously.
> 
> http://mail.kde.org/pipermail/okular-devel/2010-February/006386.html
> 
> Meanwhile, anyone that has ever used okular to fill out a form with
> sensitive information has had that information dumped, in clear text,
> onto whatever computer they happened to be using.  Without their
> knowledge, or permission.
> 
> KDE shouldn't even include this program until they fix this.
> 
> It's a bad, bad, bad design.  Shame on the okular developers for
> continuing to ignore the problem.
> _______________________________________________
> Okular-devel mailing list
> Okular-devel at kde.org
> https://mail.kde.org/mailman/listinfo/okular-devel


More information about the Okular-devel mailing list