On Mon, 15 Feb 2010, Florin Iucha wrote:

> On Mon, Feb 15, 2010 at 11:44:29AM -0600, Dan Armbrust wrote:
>
>>> Plus whatever protections the file permissions provide.  If a 
>>> directory is 755 but a file in it is 600, that's better protection 
>>> than if the file is 644.  If they made the file 644 in a directory 
>>> that is 755, that would be especially reckless, so I was wondering 
>>> about that.  If they made the file 600, that would suggest that they 
>>> see the problem, but they think the file permission is enough to deal 
>>> with it.
>>
>>
>> dana at strongbad:~ =>ls -al .kde/share/apps/okular/docdata/
>> total 4
>> drwx------ 2 dana dana  88 2010-02-15 11:43 .
>> drwx------ 3 dana dana 104 2010-02-15 11:43 ..
>> -rw-r--r-- 1 dana dana 363 2010-02-15 11:43 31460.sample.pdf.xml
>>
>>
>> Sigh.  But the directory permissions above the file are 700.
>>
>> The fact that the file even exists without the app informing me about 
>> it is what irks me.
>
> They wanted to be "user-friendly" and not scare or annoy you with the 
> warning dialog.  And in all fairness, most users will just click-through 
> it with reckless abandon.


But they seem to save the file indefinitely.  If the user downloads a PDF 
file, fills it in, prints it out and deletes it, the foo.sample.pdf.xml 
file remains, possibly forever.

If I fill out a form, then I want my wife to fill out that same form using 
my account, I guess it would be tricky to figure out how to clear all of 
the fields.

It's just a very weird situation, isn't it?  I can see how it would make 
more customers happy than unhappy, but it's just bad practice.  They could 
prompt the user "save form data?", or something like that when the file is 
being closed.

Mike