On Fri, 2005-09-16 at 15:04 +0200, cono wrote: > Niklas Nebel wrote: > > > Robert Volke wrote: > > > >> The easiest route would be if we could do a combination of the network > >> security and using OpenOffice's security. But this is a problem since > >> some users need to keep Microsoft Office due to software and file (due > >> to extensive macros) dependencies on it, and OpenOffice has he lovely > >> ability to bypass read-only security on the file level. I also heard > >> that you can get around the OpenOffice password security by saving the > >> document into a microsoft format. > > > > > > What's that fuss about the "security" of read-only settings? You can > > copy the content into a new document, save that one under the old name - > > and already you've "broken" the read-only flag. If the content is also > > hidden (but usable in formulas) or non-selectable, it's only slightly > > more difficult - all the content is there in the file, ready for anyone > > to see (or otherwise you wouldn't be able to load it for read-only use > > without a password). > > > > Let me repeat: There is, intrinsically, no security in these flags. If > > you need security, use something else. > > > > What you can do is sign the document. Then anyone will still be able to > > make a modified version, but you can check the signature and detect if > > anything was changed. Maybe that's what you're looking for? > > You're right Niklas, that there is no security from password protected > workbooks. Just unzipping the file, is enough to find the contents. > It might of course, be a little barrier to prevent people having access > right away. > Furthermore, one could wonder why bothering about password protection of > workbooks/sheets at all, if the protection is a bit of useless.
Considering the content.xml is encrypted when any OOo file is saved with password, I do not see how unzipping does anything. Please explain. > > Anyway, thanks to all who explained about secrurity by signatures and > the file system. > No problem. > Beside that, I've thought about another way, convenient for Calc, to > reach a fine level of security: > a - put data/formula's, vital for using the document, in macro's, and > let the user start those by a button; > b - password protect that library (can't be the Standard-lib). > > As far as I've found, this is secure (conversion to xls does not convert > the macro's). If anyone has any doubt, pls let me know ;-) > If you save in a foreign, proprietary format for which there is no API please explain how OOo should export its security features. I think this is neither a possible nor reasonable expectation. OOo docs, protected with digital signatures and encrypted seem very safe to me. -- PLEASE KEEP MESSAGES ON THE LIST. OpenOffice.org Documentation Co-Lead http://documentation.openoffice.org/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
