To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=60051
User ab changed the following:
What |Old value |New value
================================================================================
Status|NEW |RESOLVED
--------------------------------------------------------------------------------
Resolution| |INVALID
--------------------------------------------------------------------------------
------- Additional comments from [EMAIL PROTECTED] Fri Jan 6 05:50:15 -0800
2006 -------
Sorry, but I don't agree at all. This "defect" is only a misunderstanding
of the Basic password protection feature. It's a perfect example for the
famous slogan: It's not a bug, it's a feature! :-)
> Steps 1) to 4): Ok
> 5) Enter incorrect password or cancel
-> The library can neither be opened for editing nor any macros can be
executed
This indeed is a bug or at least not very nice (partly covered by task
#i59247),
but the problem is that the macros are _not_ displayed and can _not_ be
excuted,
because they should be visible and executable! See below...
> 6) Close the macro organizer
> 7) Open "Run Macros"
-> There is no visual difference between protected libraries and accessible
ones
Correct, there's no reason for a visual difference here.
> 8) Expand the node of the protected library
-> No password dialog is displayed, macros can be executed
That's how it should be. The only target of the Basic password protection
feature is to protect the Basic source code. This allows a Basic programmer
to give away a library for use without also publishing his sources. Of course
his customer must be able to run the macros. That's why also the byte code
is stored in a document containing a password protected library.
> I consider this a security breach and set the prio to 2 with target OOo 2.0.3
Please don't mix up password protection with security. Security is to pro-
tect the user against mean macros formatting his disk. Password protection
on the other hand is to protect the macro (source) against the user not
allowing him to analyse the ingenious algorithms developed by the macro's
author in years of work.
The Basic password feature has nothing to do with security and should not
prevent the Basic macros to be executed. Quite the contrary, without the
possiblity to execute (source) protected macros this feature would nearly
be useless as for macro security (now really security) other mechanisms
are available like Macro security levels, trusted source, signing etc.
-> INVALID
ab->jsk: You should know all this... :-)
---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
