To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=54274 Issue #:|54274 Summary:|Security : password of documentation modification |history can easily be removed Component:|Word processor Version:|OOO 2.0 Beta2 Platform:|All URL:| OS/Version:|All Status:|NEW Status whiteboard:| Keywords:| Resolution:| Issue type:|DEFECT Priority:|P3 Subcomponent:|configuration Assigned to:|mru Reported by:|ebischoff
------- Additional comments from [EMAIL PROTECTED] Tue Sep 6 08:07:03 -0700 2005 ------- To reproduce: --- victim: 1) Edit => Modifications => Protect history 2) Provide a password, repeat that password, press OK 3) Save the document and exit --- cracker: 4) Unzip the document 5) In settings.xml, remove the line containing "RedlineProtectionKey" 6) Zip the result to reconstitute the document The password is not needed anymore to protect the history of modifications. Microsoft has been criticized for exactly the same problem: http://www.securityfocus.com/bid/9342/discuss http://news.zdnet.co.uk/software/windows/0,39020396,39118935,00.htm Microsoft replied that the "Protect history" option was not really a security feature, and that this option is mainly for the purposes sharing documents. That's correct, and the same applies to OpenOffice.org. Still, asking the user to enter a password might give him/her a wrong impression of security :-(. --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
