1. 3
  1. 8

    There’s an unintended security side effect of these autosave features that one should be aware of:

    In web environments it’s often common that files with a certain extension get executed by an interpreter (e.g. index.php), while “unknown” extensions will just get shipped to the user. There might be secrets (think wp-config.php) in those files that now become accessible for an attacker.

    kate likely isn’t widely used on web servers, but a) may still be used on a desktop with later uploads and b) vim has very similar functionality. Particularly with vim this is a super-common vulnerability to have https://[host]/.wp-config.php.swp downloadable.

    1. 4

      True, but it’s easily fixed:

          set directory=~/.vim/tmp/
          set backupdir=~/.vim/tmp/
          set undodir=~/.vim/tmp/
      
      1. 2

        This is more or less what I do (though I put mine inside ~/.cache). I mostly did this because I got tired of adding the .swp things to various ignore lists for syncing / backup tools but it also means that they don’t get copied to random locations and if I rsync a directory while a file is open then vim doesn’t permanently think it’s open on the remote machine.

    2. 1

      Not a user of either (you can pry Emacs from my cold dead RSI-afflicted fingers) but is it really true that GEdit doesn’t have an automatic save/recovery mechanism? That seems like table stakes for a serious text editor.

      1. 1

        continuous autosave is one of my favourite vim features too. definitely saved me a ton of lost work on more than one occasion.
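
Relating to the exposure discussed in this thread (swap and backup files such as `.wp-config.php.swp` ending up in a served directory), here is an added example that is not part of any comment: a Python check that walks a docroot and reports editor leftovers by file name and by the `b0VIM` header that Vim writes at the start of its swap files. The pattern list, function names and sample tree are assumptions constructed for illustration.

```python
import pathlib
import re
import tempfile

ARTIFACT_PATTERNS = {  # assumed list; extend for the editors you use
    "vim-swap": re.compile(r"^\..+\.sw[a-p]$"),    # .wp-config.php.swp, .swo, ...
    "kate-swap": re.compile(r"^\..+\.kate-swp$"),  # .db.php.kate-swp
    "backup": re.compile(r"^.+~$"),                # wp-config.php~
}
VIM_SWAP_MAGIC = b"b0VIM"  # start of a Vim swap file; survives renaming

def classify(path):
    """Return the artifact kind for path, or None for an ordinary file."""
    for kind, pattern in ARTIFACT_PATTERNS.items():
        if pattern.match(path.name):
            return kind
    try:
        with open(path, "rb") as fh:
            if fh.read(len(VIM_SWAP_MAGIC)) == VIM_SWAP_MAGIC:
                return "vim-swap"
    except OSError:
        pass  # unreadable file: no content check possible
    return None

def find_editor_artifacts(root):
    """Walk root and return sorted (relative_path, kind) pairs for leftovers."""
    hits = []
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file() and (kind := classify(path)):
            hits.append((path.relative_to(root).as_posix(), kind))
    return sorted(hits)

def build_sample_tree(root):
    samples = {  # constructed sample docroot, not real data
        "index.php": b"<?php echo 'hi';",
        ".wp-config.php.swp": b"b0VIM 8.2" + b"\0" * 16,
        "wp-config.php~": b"<?php // constructed placeholder",
        "inc/.db.php.kate-swp": b"constructed",
        "renamed.bin": b"b0VIM 8.2" + b"\0" * 16,
    }
    for rel, data in samples.items():
        path = pathlib.Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as docroot:
        build_sample_tree(docroot)
        print(*find_editor_artifacts(docroot), sep="\n")
```

Run against a deployment directory before upload, a non-empty result is a reason to fail the deploy step.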