OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

office-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Change Tracking issue


I have been thinking about a security issue with every office document
that it might be a good idea to include into the ODF specification.

The history of edits, or "Change Tracking". I know that this is a
heavily used feature and cannot be removed from the specification. The
problem lies in keeping that history in the document. I do not know of a
single person who will retype a letter completely from scratch if they
have one that can be modified slightly to meet the current need. This is
a common practice even with business communications with clients. The
problem with this is that the history will often contain confidential
information about the client it was originally written for.

I propose that the ODF address this issue by requiring that such history
data be stored in an external file rather than the original document by
default, to make ODF files meet all regulations pertaining to data
protection [ Privacy Protection Laws ] and reduce the risks of account
specifics being passed on to those with no right to them.

Microsoft's Office format files have the history embedded into them,
which was shown to contain every single revision, including a credit
card number in one case. This caused me to look at an OOo file and a
K-Office file, both have the same issue of storing the history like
this, with both using the ODF file specification as default file type.

It will be easier to get the Office Suites to change their handling of
history functionality if the specification is changed to require the
change tracking to be separated from the main file.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]