Search Mac Software Downloads
|
MacUpdate Desktop 5     |     Weekly Popular  |  Hot Picks  |  iPhone  |  Mac OS X  |  About     |     Deals: Daily  /  Discount StoreAdd a File +
  Main   Members
User "mendota" Profile
user image
About mendota
Last Login:6 Feb 2008 00:35
Posts:3
Recent Downloads:
(none)
User Reviews


icon
Yep		Feb 6 2008

MENDOTA  Hey Lev,

What if say you decide to encrypt a PDF document after Yep has cached it? Your document is now "secure" but the original, unprotected cache file doesn't update and is still accessible in the cache folder.

I don't think this is a trivial issue because the program as billed as a solution for medical, financial documents, etc. that you presumably want to keep private.

I agree the search capabilities are awesome, the interface is innovative, and the tags are great. But I wouldn't use it for it's stated purpose at this time. For browsing regular PDFs, sure, why not.  
(Version 1.7.3)

praisebury
0
[ Reply ]


icon
Yep		Feb 6 2008

MENDOTA  Hi Tom. Thanks for the reply.

So here's a case scenario. I have a financial document stored as a PDF for a short interval. Yep caches the document. I then later delete (let's even say secure delete/shred) the financial document pdf.

As far as I, the naive user, know, it's all good.. But as I just tested myself, Yep does not delete the corresponding cache file (unless it happens with a time delay i haven't hit yet). So in reality, my sensitive info is still in the open. Now most users probably don't know or care about the cache file, but that's the whole point. They don't realize they are potentially at risk.

Safari saves URLs but not the actual content of PDF images, if it would save say "http://myonlinebank.com" but not your actual bank statement, account #, etc. There's a world of difference.

So my original question stands- would it be feasible to either offer the option to encrypt the cache file or to specify a separate location of the user's choice, such as within an encrypted vault?

Thanks.  
(Version 1.7.3)

praisebury
0
[ Reply ]


icon
Yep		Feb 2 2008

MENDOTA  Yep, This won't keep your private files private.

This software claims to make important documents such as financial documents or medical records "more accessible." Unfortunately, this is true in more ways that the developers probably had in mind. The mini-images that Yep creates for your PDF files are all stored in the open in an unencrypted Library folder. How convenient for anyone who gains unintended access to your computer!

There are multiple ways the developers could address this problem, such as incorporating password protection to the cache folder, or allowing the user to setup a cache folder within an encrypted vault to pertain to the files within that vault.

I emailed the developers twice and never received a reply.

So while this is a nice program for browsing PDFs of articles, it seems like a poor choice for handling sensitive personal files. Eagle Filer or Records Master might be better in that respect, although they don't have quite as slick previewing and tagging, yet.  
(Version 1.7.2)

praisebury
-2
[ 3 Replies - Reply ]
Replies:


icon
Yep		Feb 5 2008

TOMANDERSEN  Tom, The developer here.

The thumbnails of the PDFs are stored in the same volume as the PDFs themselves, so if you can see the thumbnails, you can also see the PDFs. This is not really a security issue any more than the fact that all of your email is also stored in your home account, etc. For instance Safari has a cache of all internet sites that you have recently visited in that same folder.

If anyone has more questions on this, please contact us via the contact page on our web site.  
(Version 1.7.3)

praisebury
0


icon
Yep		Feb 6 2008

MENDOTA  Hi Tom. Thanks for the reply.

So here's a case scenario. I have a financial document stored as a PDF for a short interval. Yep caches the document. I then later delete (let's even say secure delete/shred) the financial document pdf.

As far as I, the naive user, know, it's all good.. But as I just tested myself, Yep does not delete the corresponding cache file (unless it happens with a time delay i haven't hit yet). So in reality, my sensitive info is still in the open. Now most users probably don't know or care about the cache file, but that's the whole point. They don't realize they are potentially at risk.

Safari saves URLs but not the actual content of PDF images, if it would save say "http://myonlinebank.com" but not your actual bank statement, account #, etc. There's a world of difference.

So my original question stands- would it be feasible to either offer the option to encrypt the cache file or to specify a separate location of the user's choice, such as within an encrypted vault?

Thanks.  
(Version 1.7.3)

praisebury
-1


icon
Yep		Feb 6 2008

TEXLOGIC  "The mini-images that Yep creates for your PDF files are all stored in the open in an unencrypted Library folder. How convenient for anyone who gains unintended access to your computer!"

Unintended access?! Good grief, don't you know enough about your own computer to keep that from happening? Securing your own computer is YOUR job not the job of application developers.  
(Version 1.7.3)

praisebury
+1


The opinions expressed in the reviews are not necessarily those of MacUpdate.
MacUpdate waives any legal binding related to the comments and opinions expressed in the reviews.
Please contact MacUpdate politely if you wish for a comment to be reviewed by MacUpdate for removal.