https://bugs.documentfoundation.org/show_bug.cgi?id=162389
--- Comment #1 from Peter Knoppers <[email protected]> --- I'll attempt to summarize the settings that the German Bundesamt fuer Sichterheit in der Informationstechnik suggest to change from their current defaults. RemovePersonalInfoOnSaving: change from Deactivated to Activated (reason: the author can accidentally store personal information in the document) BlockUntrustedRefererLinks: change from Deactivated to Activated (reason: inadvertant disclosure of user's IP address and time of opening of the document, used office software package. May also reload malicious content) MacroSecurityLevel: change from High to Very high (reason: macros should only be run when document is from a trusted source) SecureURL: optionally change from Empty to List of paths with limited write permission (reason: related to MacroSecurityLevel) CertDir: optionally change from Empty to NSS store of the user (to enable signing of documents) TSAURLs: change from Empty to https://zeitstempel.dfn.de, https://freetsa.org/tsr (reason: without a time-stamp-service it is not possible to sign PDF documents with time stamp. I hope I got that one correct/PK) Link (Calc): (refresh linked data(?)) change from On request to Never (Linking documents is a security risk. Untrusted documents could automatically import data from other documents, store that and consequently disclose it) Link (Writer): (refresh linked data (?)) change from Always to Never (Linking documents is a security risk. Untrusted documents could automatically import data from other documents, store that and consequently disclose it) CheckInterval: change from Weekly to daily (For importent security updates an interval of 7 days delays installation of updates unnecessarily) CrashReport: change from Active to Inactive (Working memory can contain sensitive information that should not be embedded in a crash report) The full document can be found at https://www.allianz-fuer-cybersicherheit.de/SharedDocs/Downloads/Webs/ACS/DE/BSI-CS/BSI-CS_147.pdf?__blob=publicationFile&v=6 -- You are receiving this mail because: You are the assignee for the bug.
