https://issues.apache.org/ooo/show_bug.cgi?id=54274
orcmid <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED CC| |[email protected] Version|OOO 2.0 Beta2 |605 Resolution| |WONTFIX --- Comment #3 from orcmid <[email protected]> 2012-04-11 01:15:42 UTC --- None of the ways of setting protections, including protect against changing the change-tracking settings and protecting a document as read-only are security provisions. It is easy for the protection settings to be overcome by direct manipulation of XML elements in the ODF package. The protection can be removed, forged, and moved onto other documents without knowing the password that is used. I agree that users do need to know that these protections are not the same as the strong, encryption-enforced protection that is achieved solely by the "Save with Password" option when saving documents. It would help were the interface arranged in such a way that the setting of protections is not a document-security measure and the setting of protections is more for prevention of accidents than any strong preservation of document integrity. If there is any way to prevent future vulnerabiities against the passwords themselves (a genuine security issue) and to provide some security-enforced protection of certain content and settings, that needs to be dealt with by new approaches. Other issues shold be raised for that. The ODF format and the use of password-digests as protection authenticators in that format is not now amenable to any other approach. -- Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
