Author: kiwiwings
Date: Mon Apr 8 21:03:27 2019
New Revision: 1857140
URL: http://svn.apache.org/viewvc?rev=1857140&view=rev
Log:
change invalid link to a similar reference
Modified:
poi/site/src/documentation/content/xdocs/encryption.xml
Modified: poi/site/src/documentation/content/xdocs/encryption.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/encryption.xml?rev=1857140&r1=1857139&r2=1857140&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/encryption.xml (original)
+++ poi/site/src/documentation/content/xdocs/encryption.xml Mon Apr 8 21:03:27 2019
@@ -45,7 +45,8 @@
use the same encryption logic over all formats. When encrypted, the zipped files
will be
stored within an OLE file in the EncryptedPackage stream.<br/>
If you plan to use POI to actually generate encrypted documents, be aware not to
use anything less than
- agile encryption, because <a href="https://blogs.msdn.com/b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx">RC4
is not really secure</a>.
+ agile encryption, because <a href="https://eprint.iacr.org/2005/007.pdf">RC4
is not really secure</a> and
+ <a href="https://blog.cryptographyengineering.com/2011/12/01/how-not-to-use-symmetric-encryption/">ECB
chaining is problematic too</a>.
Of course you'll need to make sure, that your clients can read the documents,
i.e. the various free Excel, Powerpoint, Word viewers have limitations in the cipher
or hashing parameters.<br/>
If you want to use high encryption parameters, you need to install the "Java Cryptography
Extension (JCE) Unlimited
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org
|