https://issues.apache.org/ooo/show_bug.cgi?id=119152
Andre <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from Andre <[email protected]> --- Some observations: - OpenOffice is not designed as DRM enabled viewer. - But AOO should handle encrypted files better. - OpenOffice is not designed to not use temporary files for images. - The user that has the password for a file has also access to the images. There is not much we can do about that. - Other users should not have access to the images. My conclusions: - I accept this bug as a security problem but not as a DRM problem. - Don't try to avoid temporary files. - Try to fix this in one of two ways or possibly both: = As Rob suggested, restrict access rights for temporary files to a minimum (read/writable by the user). = Encrypt the temporary files before storing them on disk. As I don't know if encrypting temporary files is feasible--we can not ask the user for the password each time a temp file written or read; therefore we have to store it--we probably should focus on restricting access rights. I don't know if anybody know the temp file mechanism well enough to finish this for the 4.0 release. -- You are receiving this mail because: You are on the CC list for the bug.
