List: kfm-devel
Subject: Fwd: KDE 2.2: security vs auto-completion in forms
From: Waldo Bastian <bastian () kde ! org>
Date: 2001-08-27 21:08:31
---------- Forwarded Message ----------
Subject: KDE 2.2: security vs auto-completion in forms
Date: Mon, 27 Aug 2001 09:43:33 +0200
From: "Oberle Christoph (MU/EMS2)" <Christoph.Oberle@de.bosch.com>
To: bastian@kde.org
Hi Waldo,
sorry that I try to reach you this way - I'm not even a
developer, just a user - well, but maybe this hint is of
some use. How about this way to handle the situation:
- Enable form completions as default
- Keep this setting as long as no encrypted page is loaded
- When an encrypted page is loaded, ask the user whether
  form completion shall be disabled now and explain what
  can happen (data is stored at unexpected places on disk).
- The user can confirm or reject form completion disabling
  and it also is possible to mark a "don't ask me again"
  option.
- If the user wants to change this policy later on, an
  appropriate dialog offers these options (as suggested
  by Kurt Granroth):
    Enable Form Completions
      ( ) Always
      ( ) Only on unencrypted pages
- In general (for this situation and for possible similar
  ones): keep things secure first. If there's a tradeoff
  situation between security and comfort, ask the user whether
  comfort or security is preferred.
Be sure to make security changes very explicit to the user
(dialogs with thick, red borders? Two confirmation dialogs?).
Never make the "insecure" option the default, as it can be
found in some Microsoft products. Otherwise, it might only
be a matter of time until this is exploited, resulting in
bad press for the KDE project.
With kind regards
Christoph Oberle
-------------------------------------------------------
--
KDE 2.2: We deliver.
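
The policy proposed in the forwarded message, sketched as an added example that is not part of the message and is not KDE code. All names are hypothetical. It assumes that "encrypted page" means an https URL and that the question repeats on encrypted pages until the user either confirms disabling or ticks "don't ask me again".

```cpp
#include <functional>
#include <string>
#include <utility>

// All names are hypothetical; none of this is Konqueror or KHTML code.
enum class CompletionPolicy { Always, OnlyUnencrypted };

struct PromptAnswer {
    bool disableOnEncrypted;  // user confirmed: no completion on encrypted pages
    bool dontAskAgain;        // user ticked "don't ask me again"
};

class FormCompletionSettings {
public:
    using Prompt = std::function<PromptAnswer()>;

    explicit FormCompletionSettings(Prompt prompt) : prompt_(std::move(prompt)) {}

    // Settings dialog: an explicit choice is final and ends the prompting.
    void setPolicy(CompletionPolicy p) { policy_ = p; ask_ = false; }

    // True if input typed into forms on this page may be saved for completion.
    bool mayStore(const std::string& url) {
        if (!isEncrypted(url)) return true;  // both policies allow plain pages
        if (ask_ && policy_ == CompletionPolicy::Always) {
            // Decide before any form data from the encrypted page is written.
            const PromptAnswer a = prompt_();
            if (a.disableOnEncrypted) policy_ = CompletionPolicy::OnlyUnencrypted;
            if (a.dontAskAgain) ask_ = false;
        }
        return policy_ == CompletionPolicy::Always;
    }

private:
    // Assumption: "encrypted page" means the URL uses the https scheme.
    static bool isEncrypted(const std::string& url) {
        return url.rfind("https://", 0) == 0;
    }

    Prompt prompt_;
    CompletionPolicy policy_ = CompletionPolicy::Always;  // completion on by default
    bool ask_ = true;
};
```

The prompt callback runs inside `mayStore`, so the decision is made before anything from the encrypted page reaches disk.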