Joe Smith wrote: > Mathias Bauer wrote: >> ... >> Yes, signing is possible (I mentioned that several times ;-)). > > Yes, I've never tried to use it and I wasn't exactly sure what the > signing accomplished. > > I also don't know what the scope of the protection is. Suppose the > document was a template with macros. Would signing allow the document > text to be changed but not the macros? Or does the signature cover the > whole ODF file?
Signing is not the same as protection. Signing detects changes and by detecting a "broken" signature users can be warned that whatever has been signed now has been changed by someone and perhaps shouldn't be trusted anymore. You can either sign a whole document or only its macros. If your security setting is "only execute signed macros" OOo will check if a macro going to be executed is signed and whether its signature is still valid. The latter means that the macro hasn't been changed since its author has signed it. A signature is not really a guarantee as it is based on trust. Even a non-broken signature must be verified by an instance the user trusts. But explaining that will be a long story. It should be enough to say that there are well-established procedures to handle this. If you want to have protection of macros you must use encryption. OOo can encrypt macros so that its source code can be changed only by people knowing the password. As OOo also stores a non-encrypted version of the macro as "byte code" the macro still can be executed without knowing the password (and OOo will not ask for it as long as you don't try to edit the macro). The security level is not extraordinarily high as byte code can be changed even without access to the source code with considerable effort (hacker's work) so signing is still recommended. Whatever means you apply, security always can only be achieved at the expense of commodity or functionality. Ciao, Mathias -- Mathias Bauer (mba) - Project Lead OpenOffice.org Writer OpenOffice.org Engineering at Sun: http://blogs.sun.com/GullFOSS Please don't reply to "[EMAIL PROTECTED]". I use it for the OOo lists and only rarely read other mails sent to it. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
