List: kfm-devel
Subject: Re: Fwd: KDE 2.2: security vs auto-completion in forms
From: George Staikos <staikos () kde ! org>
Date: 2001-09-01 4:17:43
On Monday 27 August 2001 17:08, Waldo Bastian wrote:
> sorry that I try to reach you this way - I'm not even a
> developer, just a user - well, but maybe this hint is of
> some use. How about this way to handle the situation:
>
> - Enable form completions as default
>
> - Keep this setting as long as no encrypted page is loaded
>
> - When an encrypted page is loaded, ask the user whether
> form completion shall be disabled now and explain what
> can happen (data is stored at unexpected places on disk).
>
> - The user can confirm or reject form completion disabling
> and it also is possible to mark a "don't ask me again"
> option.
>
> - If the user wants to change this policy later on, an
> appropriate dialog offers these options (as suggested
> by Kurt Granroth):
>
> Enable Form Completions
> ( ) Always
> ( ) Only on unencrypted pages
>
>
> - In general (for this situation and for possible similar
> ones): keep things secure first. If there's a tradeoff
> situation between security and comfort, ask the user whether
> comfort or security is preferred.
>
> Be sure to make security changes very explicit to the user
> (dialogs with thick, red borders? Two confirmation dialogs?).
>
> Never make the "insecure" option the default, as it can be
> found in some Microsoft products. Otherwise, it might only
> be a matter of time until this is exploited, resulting in
> bad press for the KDE project.
Yes, this is a very good suggestion, and I hope we can see this in 2.2.1.
This is exactly the way it should work.
--
George Staikos
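
The decision flow proposed in the quoted message, written out as an added example (not part of the original message and not KDE code; every class, enum and function name is hypothetical). It assumes that "disabling" applies to encrypted pages only, that an answer given without "don't ask me again" covers just the current page, and that a dialog closed without a choice counts as the secure option.

```cpp
// Added illustration; every name here is hypothetical, not KDE/Konqueror code.
#include <cstdio>
#include <functional>

enum class Setting { Always, OnlyUnencrypted };  // the two options in the proposed dialog
enum class Choice { Dismissed, KeepEnabled, Disable };

struct Answer {
    Choice choice;      // what the user picked when an encrypted page loaded
    bool dontAskAgain;  // "don't ask me again" was ticked
};
using Prompt = std::function<Answer()>;  // stands in for the confirmation dialog

class FormCompletionPolicy {
public:
    // May data typed into a form on this page be stored for completion?
    bool mayStore(bool pageEncrypted, const Prompt& ask) {
        if (!pageEncrypted) return true;  // completion is enabled by default
        if (decided_) return setting_ == Setting::Always;
        Answer a = ask();
        // Assumption: closing the dialog without choosing means the secure option.
        if (a.choice == Choice::Dismissed) return false;
        Setting chosen = (a.choice == Choice::Disable) ? Setting::OnlyUnencrypted
                                                       : Setting::Always;
        if (a.dontAskAgain) configure(chosen);  // remember it and stop prompting
        return chosen == Setting::Always;
    }
    // Later change through the settings dialog; also stops further prompts.
    void configure(Setting s) { setting_ = s; decided_ = true; }

private:
    Setting setting_ = Setting::OnlyUnencrypted;  // secure until the user says otherwise
    bool decided_ = false;
};

int main() {
    FormCompletionPolicy policy;
    Prompt disableAndRemember = [] { return Answer{Choice::Disable, true}; };
    std::printf("unencrypted page: store=%d\n", policy.mayStore(false, disableAndRemember));
    std::printf("encrypted page:   store=%d\n", policy.mayStore(true, disableAndRemember));
    policy.configure(Setting::Always);  // user later opts in explicitly
    std::printf("after opting in:  store=%d\n", policy.mayStore(true, disableAndRemember));
    return 0;
}
```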