incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 121141] New: Document Properties Security Tab Misnamed
Date Sun, 30 Sep 2012 18:59:37 GMT

          Priority: P3
            Bug ID: 121141
           Summary: Document Properties Security Tab Misnamed
          Severity: normal
        Issue Type: DEFECT
    Classification: Code
                OS: All
          Hardware: All
            Status: CONFIRMED
           Version: AOO 3.4.1
         Component: www
           Product: security

Created attachment 79694
This is the File | Properties dialog of AOOi 3.4.1 Writer, showing the
"Security" tab options.

In AOOi 3.4.1 Writer, the File | Properties dialog has a tab named "Security." 
The tab does not provide Security functionality.  It provides Protection
functionality with regard to having the document be kept read-only and to have
change-tracking locked using special protection attributes in the ODF settings

These are not security functions.  It is dangerous to identify them as anything
that protection measures.   

 1. The protections are trivial to defeat, without ever knowing the password.
 2. It is possible to use the protection hash to forge the protections on
altered documents and on other documents.
 3. Because the has of the protection password is in "plain sight" in the
document, the password is subject to attack, discovery, and compromise.

For more about the exposure of protection settings to various compromises, see

You are receiving this mail because:
You are on the CC list for the bug.

View raw message