[Okular-devel] [okular] [Bug 317856] New: [okular] saves opened file metadata in ~/.kde/share/apps/okular/docdata/ which can leak info, use hash instead

[Marek Otahal]

https://bugs.kde.org/show_bug.cgi?id=317856

            Bug ID: 317856
           Summary: [okular] saves opened file metadata in
                    ~/.kde/share/apps/okular/docdata/ which can leak info,
                    use hash instead
    Classification: Unclassified
           Product: okular
           Version: 0.16.2
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: general
          Assignee: okular-devel at kde.org
          Reporter: markotahal at gmail.com

okular save information aboud _ever opened_ files in a folder
(~/.kde/share/apps/okular/docdata/) where files are described as <some
number>.<filename>.pdf.xml

For security reasons I suggest using a hash of a file name instead. This leads
to better privacy (not ultimate, of course) if someone wanted to check what the
user has read. 

Thoughts: 
1/ include absolute path in the name hash, so a/my.pdf and b/my.pdf are treated
differently - its a question if such a behavior is a bug, or a feature.

2/ include size in bytes in name-hash, so different files named the same are
handeled. 
2.1/ what about comments to file, filled in form fields - do they change file
size? (pdf)

Thanks for consideration. 
Cheers, mark


Reproducible: Always

-- 
You are receiving this mail because:
You are the assignee for the bug.