Re: Disabling Temporary Files?
On Wed, 2012-03-28 at 08:12 -0400, Marc-André Laverdière wrote: > My colleagues found out that the temp file is password-protected too, > so that part is fine. > But images inside the file are saved as temporary files too! Is there > something we can do about that? Sure - you could encrypt them too ;-) This ties into the massive mis-design of the image management code I suspect; one of the fun problems is (I suspect) image sharing across documents which is riddled with problems lifecycle-wise. Put another way, paste an image across two documents, with different passwords and - fun can happen :-) On the other hand, if the doc data is crypted, modulo the structural problems, I don't see why images should not be similarly handled - though it'll be some work. HTH, Michael. -- michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
Hi, > My colleagues found out that the temp file is password-protected too, > so that part is fine. > But images inside the file are saved as temporary files too! Is there > something we can do about that? What's the actual goal to reach by this ? If you wanna protect against the scenario that somebody steals the computer, then encrypting the temp files won't suffice. You'll also need to encrypt swapspace and make sure, the secret cannot be reconstructed from main memory (IOW: hold the secret in registers or CPU cache). Such things need to be done on operating system (IOW: kernel) level, cannot be done in application scope. Actually, I wouldn't call the OO encryption particularily secure, there're several known attack vectors that reduce the keyspace to be tried by brute-force dramatically. Better dont use it at all and take something like gpg, properly choosing ciphers and large enough keys. cu ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
bump :) Marc-André LAVERDIÈRE "Perseverance must finish its work so that you may be mature and complete, not lacking anything." -James 1:4 http://asimplediscipleslife.blogspot.com/ mlaverd.theunixplace.com 2012/3/28 Marc-André Laverdière : > My colleagues found out that the temp file is password-protected too, > so that part is fine. > But images inside the file are saved as temporary files too! Is there > something we can do about that? > > Marc-André LAVERDIÈRE > "Perseverance must finish its work so that you may be mature and complete, > not lacking anything." -James 1:4 > http://asimplediscipleslife.blogspot.com/ > mlaverd.theunixplace.com > > > > > 2012/3/2 Michael Meeks : >> >> On Fri, 2012-03-02 at 14:31 -0500, Marc-André Laverdière wrote: >>> I will do that investigation. Just a quick question: if the original >>> file was password-protected, will the temp files be similarly be >>> protected? >> >> Almost certainly not :-) but theoretically they could be of course. >> >> All the best, >> >> Michael. >> >> -- >> michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot >> ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
My colleagues found out that the temp file is password-protected too, so that part is fine. But images inside the file are saved as temporary files too! Is there something we can do about that? Marc-André LAVERDIÈRE "Perseverance must finish its work so that you may be mature and complete, not lacking anything." -James 1:4 http://asimplediscipleslife.blogspot.com/ mlaverd.theunixplace.com 2012/3/2 Michael Meeks : > > On Fri, 2012-03-02 at 14:31 -0500, Marc-André Laverdière wrote: >> I will do that investigation. Just a quick question: if the original >> file was password-protected, will the temp files be similarly be >> protected? > > Almost certainly not :-) but theoretically they could be of course. > > All the best, > > Michael. > > -- > michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot > ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
On Fri, 2012-03-02 at 14:31 -0500, Marc-André Laverdière wrote: > I will do that investigation. Just a quick question: if the original > file was password-protected, will the temp files be similarly be > protected? Almost certainly not :-) but theoretically they could be of course. All the best, Michael. -- michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
Hello, I will do that investigation. Just a quick question: if the original file was password-protected, will the temp files be similarly be protected? On 2012-02-28 1:57 PM, "Michael Stahl" wrote: > On 28/02/12 19:46, Marc-André Laverdière wrote: > > Hello, > > > > I need to ensure that data confidentiality. > > i don't believe that the completely undisciplined use of temp files in > the historic OpenOffice.org code base is conductive to this goal; it > would probably be a good idea to investigate encrypted file systems, at > least for /home and /tmp or whatever the equivalent is on Windows (also, > you want to ensure that swap/pagefile is on encrypted storage). > > regards, > michael > > ___ > LibreOffice mailing list > LibreOffice@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/libreoffice > ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
On Tue, 2012-02-28 at 13:46 -0500, Marc-André Laverdière wrote: > I need to ensure that data confidentiality. Ok; so as Michael says, tons of apps dump lots of state into /tmp files - an encrypted /tmp would help with that. Failing that mounting a ramdisk over /tmp would do it (on Linux). I guess you could imagine using the built-in document encryption to do it ... You -might- hope that the autosave / tmp files etc. might be encrypted if you use encryption on the document and a good password, but I suspect that that is unlikely to work ;-) though it might be a good place to start if you want to hack on that. HTH, Michael. -- michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
On 28/02/12 19:46, Marc-André Laverdière wrote: > Hello, > > I need to ensure that data confidentiality. i don't believe that the completely undisciplined use of temp files in the historic OpenOffice.org code base is conductive to this goal; it would probably be a good idea to investigate encrypted file systems, at least for /home and /tmp or whatever the equivalent is on Windows (also, you want to ensure that swap/pagefile is on encrypted storage). regards, michael ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
Hello, I need to ensure that data confidentiality. Marc-André LAVERDIÈRE "Perseverance must finish its work so that you may be mature and complete, not lacking anything." -James 1:4 http://asimplediscipleslife.blogspot.com/ mlaverd.theunixplace.com 2012/2/27 Michael Meeks : > Hi Marc, > > On Mon, 2012-02-27 at 04:15 -0500, Marc-André Laverdière wrote: >> I am working on something for which we want the document to stay in >> memory, with no temp file on disk. > > Ho hum ;-) > >> And the result is that we have a temporary file in >> C:\Users\meh\AppData|local\Temp\ > > Sounds normal, -hopefully- the properties on that file are such that > only the user can read/write them - otherwise we have a bigger problem. > >> Is there any PropertyValue that we can set that will disable all >> temporary files? > > It seems unlikely - we rely on tmp files quite heavily in a number of > situations I think. Of course - we could try collecting those all > together behind one API in sal/ and then using an in-memory storage > instead I guess but ... > > Why do you want to keep them off the oxide ? > > Sorry, > > Michael. > > -- > michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot > ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
Re: Disabling Temporary Files?
Hi Marc, On Mon, 2012-02-27 at 04:15 -0500, Marc-André Laverdière wrote: > I am working on something for which we want the document to stay in > memory, with no temp file on disk. Ho hum ;-) > And the result is that we have a temporary file in > C:\Users\meh\AppData|local\Temp\ Sounds normal, -hopefully- the properties on that file are such that only the user can read/write them - otherwise we have a bigger problem. > Is there any PropertyValue that we can set that will disable all > temporary files? It seems unlikely - we rely on tmp files quite heavily in a number of situations I think. Of course - we could try collecting those all together behind one API in sal/ and then using an in-memory storage instead I guess but ... Why do you want to keep them off the oxide ? Sorry, Michael. -- michael.me...@suse.com <><, Pseudo Engineer, itinerant idiot ___ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
