List:       kde-core-devel
Subject:    Re: Outstanding critical issue for KDE 2.2
From:       Kurt Granroth <granroth () kde ! org>
Date:       2001-08-02 18:28:00

On Wednesday 01 August 2001 07:07 pm, George Staikos wrote:
> To clarify this, I don't mean we are liable in a contractual sense and
> it looks like I wrote.  I mean that we are STUPID for knowingly shipping
> functionally broken code and that users should never have used such broken
> code to begin with.  The user expects that the lock icon does exactly what
> I outlined, and if it doesn't, then our code has a bug.

Somebody earlier said that "security is not optional".  Bullshit.  There 
always has been and always will be a tradeoff between convenience and 
security... the trick is finding the right balance between the two.  
Unfortunately, finding the balance is tricky because there are such divergent 
opinions on how to handle this.  You can tell that's the case when the 
mythical User steps in.  As in, "The User wants this" or "The User wants 
that".

The fact remains that all sides to the argument are right.  There are 
loads of users that haven't the first clue where their data is stored locally 
nor do they care.  They simply want their form completion to work as 
expected.  Then there are tons of users that know the security implications 
of storing sensitive data to disk and want nothing to do with it.  Both user 
opinions are valid and they effectively cancel each other out.

Really, the only long term solution to this that I can see is Yet Another 
Option.  Something like:

 Enable Form Completions
 ( ) Always
 ( ) Only on unencrypted pages

The other long term option involves having the user enter some password 
during every browsing session and encrypting the data to disk.  I speak for 
myself when I say that hell will freeze over before I enter a password before 
all of my browsing sessions (convenience vs security again).

Right now, due to the imminent release of KDE 2.2, we are in a no-win 
situation.  If we keep the code as it is right now (doesn't store numbers, 
stores some other data depending on how the form is coded), we will piss off 
a decent amount of people who don't want this.  If we disable autocompletion 
for SSL sites, we will piss off an entire other set of people who expect it 
to work always.  *sigh*

FWIW, I think we should release as-is.  It's more secure than what IE does 
(the only other place people are used to autocompletion on the web) and 
should fail only in rare cases.  After 2.2, we can beef it up and do it the 
Right Way.
-- 
Kurt Granroth            | http://www.granroth.org
KDE Developer/Evangelist | SuSE Labs Open Source Developer
granroth@kde.org         | granroth@suse.com
            KDE -- Conquer Your Desktop