Hi Dave,

We are talking about a whitelisting feature. And the discussion tries to 
evaluate if requirements between macro and hyperlink do differ from user 

I suggest not to mix whitelisting feature with the particular security method. 
Ideal would be if the security has only the need to ask. 
Whitelist.IsAllowed(URL, <certificate>)
 and that's it. 
It may be from an architectural standpoint that this might be even a property 
of the Url itself instead of a security method. 

All the best

On 7 May 2021 07:26:28 CEST, Dave Fisher <w...@apache.org> wrote:
>I think it is really important to not mix macro security with hyperlink
>security. We are discussing hyperlink security.
>If you look into the bugzilla and the way we fixed the recently
>disclosed CVE you will find that mixing the two was how many of these
>issues have lingered for 15 years since OpenOffice.org 2.0 in roughly
>Please discuss improvements with macros elsewhere.
>> On May 5, 2021, at 10:44 AM, Peter Kovacs <pe...@apache.org> wrote:
>> On 05.05.21 14:37, Arrigo Marchiori wrote:
>>> Hello,
>>> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote:
>>>> The best approach I believe is to add a whitelist feature as for
>>>> files.
>>>> Users can add then the links they wish to approve.
>>> Do you mean file-based whitelists instead of target-based?
>>> I will try to explain myself better: the current filter on AOO
>>> is target-based, because it is the target of the link that triggers
>>> the warning. Are you suggesting to add a whitelist based on files,
>>> example "allow any links in documents from this directory"?
>>> If so, would you use the same whitelist as for macros, or would you
>>> introduce another one?
>> I do not think that it makes sense to allow
>https://my.payload.crime/AOO_diskscrambler.ods to be seen as safe
>target for opening and macro execution at the same time.
>> Better is to have both separated. And the simple practicable solution
>is to just add an own list which allows targets to be listed.
>> If we would want to have a vision, where we should develop to, this
>would be mine:
>> We have One list and 2 properties. 1 property for hyperlink
>whitelisting, the other one for (macro) execution. I like our 4
>security stages.
>> Example for a customized setup on a POSIX filesystem (security level
>3 = very high and 0 = low; first value is hyperlink, second value is
>macro execution of this origin):
>> /tmp  (3,3) => Everything in the temp folder does not open links or
>execute macros
>> ~/ (2,2) => something that is within the home path, but not a folder
>listed below, may execute signed macros or open targets that have a
>trusted certificate
>> ~/Downloads (2,3) => Downloads may open Links with a trusted
>certificate but not allow to execute any macros
>> ~/onlymystuff (0,0) => this is my documents and I allow everything
>possible here.
>> ~/macro_examples (3,1) => delivered example I do not want them to
>execute, but they may be not linked by another document.
>> ftps://securecontent.org (2,2) => links pointing to this target
>are opened, and the downloaded file may execute macros if they are
>signed with a trusted key.
>> All the best
>> Peter
>> -- 
>> This is the Way! http://www.apache.org/theapacheway/index.html
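
The one-list, two-property setup from the quoted example, queried through a single call in the style of `Whitelist.IsAllowed(URL, <certificate>)`, as an added Python example that is not OpenOffice code or code from anyone in the thread. The home directory `/home/alice`, the function names, the strictest-by-default rule for unlisted origins and the "ask" meaning of level 1 are assumptions.

```python
import posixpath
from urllib.parse import urlsplit

HOME = "/home/alice"  # constructed stand-in for "~"
# origin -> (hyperlink level, macro level), 3 = very high ... 0 = low;
# values are the example setup quoted in the thread.
POLICY = {
    "/tmp": (3, 3),
    HOME: (2, 2),
    HOME + "/Downloads": (2, 3),
    HOME + "/onlymystuff": (0, 0),
    HOME + "/macro_examples": (3, 1),
    "ftps://securecontent.org": (2, 2),
}
DEFAULT = (3, 3)  # assumption: origins not on the list get the strictest level


def origin_key(origin):
    """Split an origin into (scheme://host or "", normalised path components)."""
    u = urlsplit(origin)
    remote = u.scheme not in ("", "file")
    prefix = f"{u.scheme}://{(u.hostname or '').lower()}" if remote else ""
    # normpath collapses "." and ".." so "allowed/../../tmp" cannot borrow a level
    path = posixpath.normpath("/" + u.path.lstrip("/"))
    return prefix, [c for c in path.split("/") if c]


def levels_for(origin):
    """Levels of the longest listed origin that contains `origin`."""
    prefix, comps = origin_key(origin)
    best, best_len = DEFAULT, -1
    for listed, levels in POLICY.items():
        l_prefix, l_comps = origin_key(listed)
        # whole-component match: "/tmp" must not cover "/tmpfoo"
        if l_prefix == prefix and comps[:len(l_comps)] == l_comps \
                and len(l_comps) > best_len:
            best, best_len = levels, len(l_comps)
    return best


def is_allowed(origin, kind, trusted_cert=False):
    """Return "allow", "ask" or "deny" for kind "hyperlink" or "macro"."""
    level = levels_for(origin)[0 if kind == "hyperlink" else 1]
    if level == 3:
        return "deny"
    if level == 2:
        return "allow" if trusted_cert else "deny"
    # assumption: the thread does not define level 1; modelled as a prompt
    return "ask" if level == 1 else "allow"
```

The security method only asks `is_allowed(...)`; the list, the matching rule and the path normalisation stay inside the whitelist.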
