Date: prev next · Thread: first prev next last
2017 Archives by date, by thread · List index


On 07.06.2017 21:13, Björn Ruytenberg wrote:
Hello,

Having read through some of the LO documentation [1] and bug 80538 [2], 
it is my understanding LO's read-only mode is intended to prevent 
document edits.

yes.

Particularly interesting to me is its intended purpose regarding 
security. In Microsoft Office, the "Protected View" sandbox prevents any 
active content from being loaded [3], e.g.
- Embedded ActiveX/COM controls
- Hyperlinks (i.e. these are not clickable)
- VBA macros

One case in which the Office "Protected View" is triggered is when 
opening a document downloaded from a remote server. The user may then 
decide to disable the sandbox by clicking "Edit document".

In LibreOffice, the same use case appears to trigger "read-only" mode, 
also while showing a "Edit document" button. This would seem to suggest 
similar behavior to "Protected View", in that some protections may be 
provided. Unfortunately, I have not been able to find any LO 
documentation to confirm this. Can anyone give me some pointers and/or 
indicate where I could read up on this topic?

i don't think that "read-only" was intended as a security mode.

there is a "Macro Security" setting in
Tools->Options->LibreOffice->Security that can be used to disable BASIC
or whatever macros being executed, and there are settings about clicking
on hyperlinks in the "Security Options and Warnings" dialog - i don't
expect any of these settings to depend on the read-only status of the
document.

LibreOffice used to support NPAPI plugin content embedded in documents,
but that was removed recently due to general obsolescence of NPAPI
plugins and particularly wrt. security, Adobe's Flash NPAPI plugin
approaching EOL.

oh, the user is unable to activate OLE objects embedded in the document
in read-only mode, i guess you could call that an accidental security
feature... alas if you right click on them you get an "Edit" item that
switches the document to editable, so maybe not.

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.