[Okular-devel] [okular] [Bug 317856] New: [okular] saves opened file metadata in ~/.kde/share/apps/okular/docdata/ which can leak info, use hash instead
Marek Otahal
markotahal at gmail.com
Fri Apr 5 00:35:16 UTC 2013
https://bugs.kde.org/show_bug.cgi?id=317856
Bug ID: 317856
Summary: [okular] saves opened file metadata in
~/.kde/share/apps/okular/docdata/ which can leak info,
use hash instead
Classification: Unclassified
Product: okular
Version: 0.16.2
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: wishlist
Priority: NOR
Component: general
Assignee: okular-devel at kde.org
Reporter: markotahal at gmail.com
okular save information aboud _ever opened_ files in a folder
(~/.kde/share/apps/okular/docdata/) where files are described as <some
number>.<filename>.pdf.xml
For security reasons I suggest using a hash of a file name instead. This leads
to better privacy (not ultimate, of course) if someone wanted to check what the
user has read.
Thoughts:
1/ include absolute path in the name hash, so a/my.pdf and b/my.pdf are treated
differently - its a question if such a behavior is a bug, or a feature.
2/ include size in bytes in name-hash, so different files named the same are
handeled.
2.1/ what about comments to file, filled in form fields - do they change file
size? (pdf)
Thanks for consideration.
Cheers, mark
Reproducible: Always
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Okular-devel
mailing list