You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reported by jteh on 2011-03-22 23:12
When the "Use currently saved settings on the logon and other secure screens" button is pressed, NVDA copies the entire user configuration to the system config, including plugins and drivers. This has security implications for users who might not think about what untrusted plugins or drivers they have in their configuration. There are a few possible solutions:
Add a warning to the User Guide, and/or present a message to the user when they hit the button warning them of these implications and to check their config. Simple, but potentially annoying for users that just want to do a simple setting change.
Only copy the settings (nvda.ini) and speech dicts.
Some users probably do want to use custom drivers on secure screens. However, I guess they can copy them in manually if they really want to do this.
What if the settings specify a custom synth/braille display driver? We'll fall back to the default anyway, but this is still fairly ugly.
Provide options for what parts of the config to copy.
Fairly complicated and probably not user friendly.
Marking as minor because this does require admin privs, so it's fair to expect the user to be a little careful.
The text was updated successfully, but these errors were encountered:
Comment 1 by jteh on 2011-05-23 15:50
Solution: display a warning dialog when the button is pressed only if there are user provided drivers or plugins.
Comment 2 by mdcurran on 2011-05-28 01:47
Fixed in 7bac8e6. When the user presses the button to copy user settings to the system profile, they are now asked if they still wish to do this, if custom plugins are detected.
Changes:
State: closed
Reported by jteh on 2011-03-22 23:12
When the "Use currently saved settings on the logon and other secure screens" button is pressed, NVDA copies the entire user configuration to the system config, including plugins and drivers. This has security implications for users who might not think about what untrusted plugins or drivers they have in their configuration. There are a few possible solutions:
Marking as minor because this does require admin privs, so it's fair to expect the user to be a little careful.
The text was updated successfully, but these errors were encountered: