https://bugs.kde.org/show_bug.cgi?id=372116
Vincenzo Di Massa <hawk...@tiscali.it> changed: CC added hawk...@tiscali.it

--- Comment #4 from Vincenzo Di Massa <hawk...@tiscali.it> ---

Hello,

I fully understand the security implications and I believe this is a good opportunity to contribute with my cybersecurity background :-)

Many times we, technical people, look for intelligent technical solutions to security problems. We tend to forget about the human in the loop. You would be amazed to know how many times not having a feature implemented can be a security risk as well. We always have to balance the pros and cons.

Someone might not even easily understand why not having this feature can be a security problem! The obvious reason is that users wish to transfer data from remote connections. If they can't, they'll probably hack their own solution without thinking too much about the security implications. In this case they could probably ssh-forward the entire X session!!!

A correct risk analysis always needs to think about "what will users do if I don't give them access/authorization to a feature they need?"

When I can, I like to propose solutions when I perform risk analyses. I'll try to propose one here as well. I prefer to think about "how to implement a feature securely?" instead of thinking about "given the risks, shall we implement it?"

So, what about a notification that must be clicked (or triggered with a key sequence) within a short timeout before clipboard actions are applied? Like this, no clipboard action is performed until the user explicitly allows it, but remote clipboard actions still become possible and available in just a few clicks.

This is *secure by default* (nothing happens by default), easy to implement without complex dependencies or algorithms (e.g. cryptography), *minimizes the attack surface* and *does not use secrets*.
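A minimal model of the consent-gated clipboard the comment proposes, added here as an illustration; it is not code from the bug report or from any KDE component. The class names, the default timeout and the injectable clock are assumptions chosen for the example. Remote clipboard data is parked and never written locally until the user approves it by id, and approval after the timeout, a second approval of the same id, or approval of an unknown id all deny:

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class PendingAction:
    """A clipboard update received from the remote side but not yet applied."""
    content: str
    received_at: float


class ConsentGatedClipboard:
    """Hypothetical design: remote clipboard writes are queued, never applied,
    until the local user explicitly approves them within `timeout_s` seconds.

    `clock` is injectable so the expiry logic can be exercised deterministically.
    """

    def __init__(self, timeout_s: float = 10.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.timeout_s = timeout_s
        self.clock = clock
        self.local_clipboard: str = ""          # simulated local clipboard
        self._pending: Dict[int, PendingAction] = {}
        self._next_id = 1

    def receive_remote(self, content: str) -> int:
        """Called when the remote side sends clipboard data. Nothing is applied;
        the action is parked and an id is returned for the notification to use."""
        self._expire_stale()
        action_id = self._next_id
        self._next_id += 1
        self._pending[action_id] = PendingAction(content, self.clock())
        return action_id

    def approve(self, action_id: int) -> bool:
        """Called when the user clicks the notification. Applies the action only
        if it is still pending and inside the timeout; every other path denies."""
        self._expire_stale()
        action = self._pending.pop(action_id, None)   # one-shot: consumed on use
        if action is None:
            return False  # unknown id, already consumed, or expired
        self.local_clipboard = action.content
        return True

    def pending_ids(self) -> List[int]:
        """Ids still awaiting a decision (expired ones are dropped first)."""
        self._expire_stale()
        return sorted(self._pending)

    def _expire_stale(self) -> None:
        """Drop parked actions older than the timeout; the default is denial."""
        now = self.clock()
        stale = [i for i, a in self._pending.items()
                 if now - a.received_at > self.timeout_s]
        for i in stale:
            del self._pending[i]


if __name__ == "__main__":
    # Constructed walk-through using a fake clock instead of wall time.
    t = [0.0]
    cb = ConsentGatedClipboard(timeout_s=5.0, clock=lambda: t[0])
    first = cb.receive_remote("remote text")
    print("applied immediately?", cb.local_clipboard == "remote text")  # False
    print("approved in time?", cb.approve(first))                        # True
    second = cb.receive_remote("late text")
    t[0] += 6.0
    print("approved after timeout?", cb.approve(second))                 # False
```

The design choice worth noting is that every failure mode (timeout, replay of an already-used id, an id the user never saw) collapses to "do nothing", which is what makes the scheme secure by default without any shared secret between the two sides.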