On Tue, 2008-05-27 at 15:49 -0400, Drew Jensen wrote: > Thanks for the ideas Bernard, > > Bernard Peek wrote: > >> -Check for verions of OOo under Linux that require some reports to be > >> saved to disk, before then can be printed. > >> ( the biggest problem being "how to know all versions of OOo/OS that > >> have this problem" - so am thinking of just making this the process for > >> all printed reports > > > > That could be a security risk. Reports are likely to contain sensitive > > data. > > Meaning? > - The risk being that the report is saved to disk, but due to an error > the extension fails delete it? > or > - The risk exists even if the full process runs and it is removed > (unliked on disk)?
It's impossible to say what sort of data the database will be used for, so I suggest that you assume that all intermediate stages involve data that needs to be stored securely. Any unencrypted data files should only be readable by root. Even that may not be good enough. In some circumstances users may want any disk files to be encrypted and then securely erased. I don't think this is an immediate requirement because the demand for it would be limited. There may be workarounds to get the same result in other ways. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
