On Thursday 02 August 2001 11:28 am, Kurt Granroth wrote:
> The fact remains is that all sides to the arguement are right.  There are
> loads of users that haven't the first clue where their data is stored
> locally nor do they care.  They simply want their form completion to work
> as expected.  Then there are tons of users that know the security
> implications of storing sensitive data to disk and want nothing to do with
> it.  Both user opinions are valid and they effectively cancel each other
> out.

Yes, but as a software designer you are responsible to make the right 
decissions for the first group. Nobody wants his credit card information 
disclosed without his consent, however, not all users understand that form 
completion may increase the likelihood of that happening significantly.

Someone mentioned in this thread "only he had access to his harddisk". Sure, 
just like the person whose tax-return was mailed to me the other day by the 
sircam virus. Don't comfort yourself in the mistaken believe that that can't 
happen on a Linux system, with 5% market share it may be unlikely, but not 
with 50% and last time I checked KMail still had bugs. Each of those bugs may 
enable a sircam-like virus.

Face it, a Linux box can be hacked, and your credit card numbers will be up 
for grabs. Can a hacker install a trojan that monitors key-clicks? Sure he 
can, but it is more difficult than doing cat 
~/.kde/share/config/creditcardnumbers. 

Cheers,
Waldo
-- 
Andrei Sakharov, Exiled 1980-1986, USSR, http://www.aip.org/history/sakharov/
Dmitry Sklyarov, Detained 2001-????, USA, http://www.elcomsoft.com/