https://issues.apache.org/ooo/show_bug.cgi?id=121141
Priority: P3
Bug ID: 121141
CC: [email protected]
Assignee: [email protected]
Summary: Document Properties Security Tab Misnamed
Severity: normal
Issue Type: DEFECT
Classification: Code
OS: All
Reporter: [email protected]
Hardware: All
Status: CONFIRMED
Version: AOO 3.4.1
Component: www
Product: security
Created attachment 79694
--> https://issues.apache.org/ooo/attachment.cgi?id=79694&action=edit
This is the File | Properties dialog of AOOi 3.4.1 Writer, showing the
"Security" tab options.
In AOOi 3.4.1 Writer, the File | Properties dialog has a tab named "Security."
The tab does not provide Security functionality. It provides Protection
functionality with regard to having the document be kept read-only and to have
change-tracking locked using special protection attributes in the ODF settings
information.
These are not security functions. It is dangerous to identify them as anything
that protection measures.
1. The protections are trivial to defeat, without ever knowing the password.
2. It is possible to use the protection hash to forge the protections on
altered documents and on other documents.
3. Because the has of the protection password is in "plain sight" in the
document, the password is subject to attack, discovery, and compromise.
For more about the exposure of protection settings to various compromises, see
https://tools.oasis-open.org/version-control/svn/oic/Advisories/00009-ProtectionKeySafety/trunk/description.html
--
You are receiving this mail because:
You are on the CC list for the bug.
