Re: [Okular-devel] [Bug 267350] filling out a PDF form saves data to some file i ~/.kde/share/apps/okular/docdata/

[Dan Armbrust <daniel.armbrust.list@xxxxxxxxx>]

> Hmm. Most software with autocompletion support does that. E.g. browsers, email
> programs.

They also ask your permission first.  And they have an off switch.
And, they definitely don't autocomplete fields which are know to
contain private info - aka - passwords.  Unless you go through another
dialog telling it to remember the password.  And they give you a menu
option to clear it.  And, most browsers now have a "don't remember
anything" mode.  Okular has none of those.

> However I don't see any facts supporting the claim of "virus like behavior".

Hiding users data without permission and without the users knowledge
certainly is virus like behavior.  If they didn't click save, you
shouldn't save.  Its pretty simple.

> I would recommend lobbying for secure storage of form completion data like
> other form completing programs do.

I doubt it would help.  The feature is so mis-conceived from the
get-go that it serves almost no purpose.  There is almost no point in
storing form data for Form A in randomly named File B.  If you even
rename file A, Okular gets confused and can no longer associate the
data from File B with Form A.  Don't even think about trying to sent
Form A to another person... it doesn't work.  The only way it could be
properly implemented is to store the data in the actual PDF file,
where it belongs.  But that is hard.  So it seems unlikely that it
will ever be implemented in the near future.

The only sane thing to do is to turn the feature off.  At least by
default.  At least give the user some control over it.  Which I
suggested 2 years ago.  And here we _still_ are.
___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.