Reported by jteh on 2011-03-22 23:12
When the "Use currently saved settings on the logon and other secure screens" button is pressed, NVDA copies the entire user configuration to the system config, including plugins and drivers. This has security implications for users who might not think about what untrusted plugins or drivers they have in their configuration. There are a few possible solutions:
- Add a warning to the User Guide, and/or present a message to the user when they hit the button warning them of these implications and to check their config. Simple, but potentially annoying for users that just want to do a simple setting change.
- Only copy the settings (nvda.ini) and speech dicts.
- Some users probably do want to use custom drivers on secure screens. However, I guess they can copy them in manually if they really want to do this.
- What if the settings specify a custom synth/braille display driver? We'll fall back to the default anyway, but this is still fairly ugly.
- Provide options for what parts of the config to copy.
- Fairly complicated and probably not user friendly.
Marking as minor because this does require admin privs, so it's fair to expect the user to be a little careful.
Reported by jteh on 2011-03-22 23:12
When the "Use currently saved settings on the logon and other secure screens" button is pressed, NVDA copies the entire user configuration to the system config, including plugins and drivers. This has security implications for users who might not think about what untrusted plugins or drivers they have in their configuration. There are a few possible solutions:
Marking as minor because this does require admin privs, so it's fair to expect the user to be a little careful.