From kde-core-devel Thu Aug 02 22:06:55 2001 From: Rolf Magnus Date: Thu, 02 Aug 2001 22:06:55 +0000 To: kde-core-devel Subject: Re: Outstanding critical issue for KDE 2.2 X-MARC-Message: https://marc.info/?l=kde-core-devel&m=99679316829501 On Thursday 02 August 2001 20:28, Kurt Granroth wrote: > Somebody earlier said that "security is not optional". Bullshit. There > always has been and always will be a tradeoff between convenience and > security... the trick is finding the right balance between the two. > Unfortunately, finding the balance is tricky because there are such > divergent opinions on how to handle this. You can tell that's the case > when the mythical User steps in. As in, "The User wants this" or "The User > wants that". The problem is that the user tends to want more convenience and doesn't want to think about security problems. But when he finds out that someone stole a lot of money from him, he will find the software to be responsible for this. > The fact remains is that all sides to the arguement are right. There are > loads of users that haven't the first clue where their data is stored > locally nor do they care. They simply want their form completion to work > as expected. Then there are tons of users that know the security > implications of storing sensitive data to disk and want nothing to do with > it. Both user opinions are valid and they effectively cancel each other > out. That's right, but everyone wants security. It's just that some people don't know it yet. It's a bad idea to let people find this out themselves. > Really, the only long term solution to this that I can see is Yet Another > Option. Something like: > > Enable Form Completions > ( ) Always > ( ) Only on unencrypted pages Better: ( ) Always (insecure!) ( ) Only on unencrypted pages (less convenient) So people know why it's set to #2 and what they are doing if they change it. > The other long term option involves having the user enter some password > during every browsing session and encrypting the data to disk. I speak for > myself when I say that hell will freeze over before I enter a password > before all of my browsing sessions (convience vs security again). Well, you wouldn't need it before all sessions, just before entering senisitve data into a form that will be transmitted over https. But this might just make it so unconvenient that you prefer to type in the credit card number. > FWIW, I think we should release as-is. It's more secure than what IE does You should never compare the security of two apps. This is not an anti-Microsoft thing. It's just that "it's more secure than ..." doesn't mean anything. -- Woah... I did a "cat /boot/vmlinuz >> /dev/dsp" - and I think I heard god