List: kde-core-devel
Subject: Re: Outstanding critical issue for KDE 2.2
From: Kurt Granroth <granroth () kde ! org>
Date: 2001-08-02 18:28:00
On Wednesday 01 August 2001 07:07 pm, George Staikos wrote:
> To clarify this, I don't mean we are liable in a contractual sense and
> it looks like I wrote. I mean that we are STUPID for knowingly shipping
> functionally broken code and that users should never have used such broken
> code to begin with. The user expects that the lock icon does exactly what
> I outlined, and if it doesn't, then our code has a bug.

Somebody earlier said that "security is not optional". Bullshit. There
always has been and always will be a tradeoff between convenience and
security... the trick is finding the right balance between the two.

Unfortunately, finding the balance is tricky because there are such divergent
opinions on how to handle this. You can tell that's the case when the
mythical User steps in. As in, "The User wants this" or "The User wants
that".

The fact remains that all sides to the argument are right. There are
loads of users that haven't the first clue where their data is stored locally
nor do they care. They simply want their form completion to work as
expected. Then there are tons of users that know the security implications
of storing sensitive data to disk and want nothing to do with it. Both user
opinions are valid and they effectively cancel each other out.

Really, the only long term solution to this that I can see is Yet Another
Option. Something like:

Enable Form Completions
( ) Always
( ) Only on unencrypted pages

The other long term option involves having the user enter some password
during every browsing session and encrypting the data to disk. I speak for
myself when I say that hell will freeze over before I enter a password before
all of my browsing sessions (convenience vs security again).

Right now, due to the imminent release of KDE 2.2, we are in a no-win
situation. If we keep the code as it is right now (doesn't store numbers,
stores some other data depending on how the form is coded), we will piss off
a decent amount of people who don't want this. If we disable autocompletion
for SSL sites, we will piss off an entire other set of people who expect it
to work always. *sigh*

FWIW, I think we should release as-is. It's more secure than what IE does
(the only other place people are used to autocompletion on the web) and
should fail only in rare cases. After 2.2, we can beef it up and do it the
Right Way.
--
Kurt Granroth | http://www.granroth.org
KDE Developer/Evangelist | SuSE Labs Open Source Developer
granroth@kde.org | granroth@suse.com
KDE -- Conquer Your Desktop