How would you think it possible to password-protect an HTML document? If it were effective no browser could access it. Sounds like it's a bug that they offer it, but I'm not sure it's a security issue.
Password protection works much better on the other, binary formats, although better for some than others. The standard encryption for the older Office formats has been cracked by dozens of programs (see http://lostpassword.com/ for example). Recent versions of Office have many encryption options that aren't quite as easily cracked; the attacks use dictionaries and brute force, so a strong password can make it impractical to attack. Larry Seltzer Editor Ziff Davis Security SuperSite http://security.ziffdavis.com/ [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 13, 2003 12:24 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: password protection in office XP documents Why has Microsoft bothered putting document protection in their application? It takes 5 seconds to by pass it. Save a office document (that has document protection) as a .html document and than edit the page in a html editor, remove everything between the <o:DocumentProperties> </style>. Now open this page in word and all the protection is gone. No need to know the password. Microsoft evens documents this in their help file. Should this not be considered a security violation from a user point of view SKP --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
