office-comment message

Subject: RE: [office-comment] ODF security hazard? (ODF all versions)

From: "Alex Brown" <alexb@griffinbrown.co.uk>
To: <office-comment@lists.oasis-open.org>
Date: Sat, 21 Feb 2009 15:15:36 -0000

Rob hi

> But I do think this would be good to collect a set of security 
> considerations into an Appendix, as we have with Bidi techniques and 
> Accessibility guidelines.  If there is interest we could also explore 
> a "Secure ODF" profile that would forbid things like OLE embeddings, 
> scripts, etc.

That sounds like a sensible approach.

Since the DTD feature is not needed though, it is one attack vector
which could be easily blocked by forbidding DTDs ...

- Alex.

Follow-Ups:
- Re: [office-comment] ODF security hazard? (ODF all versions)
  - From: Michael Brauer - Sun Germany - ham02 - Hamburg <Michael.Brauer@Sun.COM>
- RE: [office-comment] ODF security hazard? (ODF all versions)
  - From: "Dennis E. Hamilton" <dennis.hamilton@acm.org>

References:
- ODF 1.2 References
  - From: robert_weir@us.ibm.com
- Re: [office-comment] ODF 1.2 References
  - From: "MURATA Makoto (FAMILY Given)" <eb2m-mrt@asahi-net.or.jp>
- <text:s> element (etc) needs to be removed (ODF 1.2)
  - From: "Alex Brown" <alexb@griffinbrown.co.uk>
- Re: [office-comment] <text:s> element (etc) needs to be removed (ODF1.2)
  - From: Patrick Durusau <patrick@durusau.net>
- RE: [office-comment] <text:s> element (etc) needs to be removed (ODF 1.2)
  - From: "Alex Brown" <alexb@griffinbrown.co.uk>
- Conformance / validation / MathML redux (ODF 1.2 CD01)
  - From: "Alex Brown" <alexb@griffinbrown.co.uk>
- ODF security hazard? (ODF all versions)
  - From: "Alex Brown" <alexb@griffinbrown.co.uk>
- Re: [office-comment] ODF security hazard? (ODF all versions)
  - From: robert_weir@us.ibm.com