https://bugs.documentfoundation.org/show_bug.cgi?id=169890
--- Comment #7 from Eyal Rozenberg <[email protected]> ---
(In reply to Heiko Tietze from comment #6)

Let me expand on that a little. I brought up two scenarios:

* A user is repeatedly opening and editing the same file. It is annoying if they have to dismiss the warning every time they open it.
* A user imports data from raw input files within a certain directory, in many documents the user is working on. The user would be faced with a warning every time such an importing document is opened, which is a lot, and would like to say "that source folder is safe". This is what Jan Vlug alluded to in his opening comment.

These are legitimate user interests. The question is how to balance them with the desire to protect users from accidentally importing something they don't trust.

I brought up two options for "whitelisting" in the meeting, one of which being for a specific file via full pathname. That whitelisting can also be hardened a bit with a hash, which is updated as LO edits the file or when it saves the file, so that external changes would invalidate the whitelist and make the user have to authorize the import again.

One point we did not properly discuss is the nature of the security risk. It did come up partially through the discussion of chained linking: Document A links to Document B which in turn links to Document C; it was suggested in the meeting to limit the whitelisting to depth-1 linking and not to apply it to a chain.

But, actually, this should turn our focus to a different point: There is no security risk in simply importing data - strings and numbers. The risk is in _untrusted Macros_ running - on import, or later on. But - most imports are for data edited separately, not so much for macros edited separately. While I suppose the latter case is possible, it's definitely not the typical case. Even in the example Heiko mentions - the import is from a CSV!
So, I would like to propose the following:

If the imported document has no macros (due to the format not supporting macros, or just the fact that macros were not found) - we should either always update automatically without confirmation, or have an option for disabling such warnings globally. This option should be accessible from the warning bar - either by opening a dialog or with an embedded toggle.

And then, additionally, we would have the whitelisting of files, for avoiding warnings on macro importation; and chaining would require the chain target to also be whitelisted. And that kind of whitelisting should probably be accessible from the warning bar as well.
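
The policy proposed in the comment above, as an added Python example that is not part of the original comment and is not LibreOffice code: macro-free link sources update without a prompt, and macro-bearing ones need a full-path allowlist entry pinned to a content hash, checked for every file in a link chain. The class and function names, the use of SHA-256, and the caller-supplied `has_macros` detector are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def _digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


class LinkAllowlist:
    """Authorized link sources: resolved full path -> SHA-256 of content."""
    def __init__(self):
        self._pins = {}

    def pin(self, path):
        # On user authorization, and again after each save by the application.
        key = str(Path(path).resolve())
        self._pins[key] = _digest(key)

    def is_trusted(self, path):
        key = str(Path(path).resolve())
        try:
            unchanged = self._pins[key] == _digest(key)
        except (KeyError, OSError):  # never pinned, or no longer readable
            return False
        if not unchanged:
            del self._pins[key]  # changed externally: user must authorize again
        return unchanged


def may_update_silently(allowlist, chain, has_macros):
    # chain: the linked file, then whatever it links to; has_macros: path -> bool
    return all(not has_macros(p) or allowlist.is_trusted(p) for p in chain)


def demo():
    with tempfile.TemporaryDirectory() as d:
        csv, ods = Path(d, "data.csv"), Path(d, "calc.ods")
        for p in (csv, ods):
            p.write_text("constructed sample\n")
        macros = lambda p: Path(p).suffix == ".ods"  # stand-in macro detector
        wl = LinkAllowlist()
        r1 = may_update_silently(wl, [csv], macros)       # macro-free: no prompt
        r2 = may_update_silently(wl, [csv, ods], macros)  # chain target unpinned
        wl.pin(ods)
        r3 = may_update_silently(wl, [csv, ods], macros)  # pinned, unchanged
        ods.write_text("edited outside the application\n")
        r4 = may_update_silently(wl, [csv, ods], macros)  # hash mismatch
        return r1, r2, r3, r4
```

A hash mismatch drops the entry, so the file stays untrusted until the user authorizes it again.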
