Re: password protection in office XP documents

[Leif Gregory <leifg () doh state nm us>]

Hello Brian,

Tuesday, June 17, 2003, 7:46:42 AM, you wrote:
BE> Gosh, if I wanted to bypass those, I'd copy the existing Office
BE> file into a new one and make my changes, then save it over the old
BE> one. Seems like it would be a quicker "hack", and would be easier
BE> for most people than saving it as HTML and editing the source
BE> code, then saving it back as an Office file.

BE> Now, one could get into file system rights arguments, but if you save it
BE> as HTML, you are creating a new file. Now there will be a .doc and an
BE> .html, and if you have rights to turn the .html back into the .doc, then
BE> you can do what I mentioned above as well.

BE> I still fail to see any flaw here. What was reported is opening the HTML
BE> file in Office and the protection is gone. The HTML file is a *new* file
BE> that you created; the original Office file still has the protection.

But see, it's not a file rights issue. It's an XML document property
tag (if that is the right terminology). It's an integral piece of the
Word document. Copying it retains the document properties, therefore
the protection. Converting it to HTML brings the document properties
into plaintext, which you can highlight and delete.

For instance, if you convert a protected document to HTML, and then,
without changing anything, save (convert) the HTML document back into
a Word document, it retains the document properties and the
protection.

It's not opening the HTML document in Word, it's viewing it's source
and deleting the XML document properties tag that makes this work.
Here's a test document I created and its resulting document property
tag when the HTML source is viewed after conversion.

,------ [ HTML source of document after conversion to HTML ]
| <o:DocumentProperties>
|   <o:Author>Leif Gregory</o:Author>
|   <o:LastAuthor>Leif Gregory</o:LastAuthor>
|   <o:Revision>2</o:Revision>
|   <o:TotalTime>12</o:TotalTime>
|   <o:Created>2003-06-17T16:02:00Z</o:Created>
|   <o:LastSaved>2003-06-17T16:02:00Z</o:LastSaved>
|   <o:Pages>1</o:Pages>
|   <o:Words>2</o:Words>
|   <o:Characters>14</o:Characters>
|   <o:Company>DOH</o:Company>
|   <o:Lines>1</o:Lines>
|   <o:Paragraphs>1</o:Paragraphs>
|   <o:CharactersWithSpaces>15</o:CharactersWithSpaces>
|   <o:Version>10.4219</o:Version>
| </o:DocumentProperties>
`----------

What I find interesting, is that these document properties do not
actually contain the protection method. That portion is contained in
the WordDocument portion of the document as follows:

,------ [ Portion appearing just below the document properties ]
| <w:WordDocument>
|   <w:Zoom>0</w:Zoom>
|   <w:DocumentProtection>Comments</w:DocumentProtection>
|   <w:TrackRevisions/>
|   <w:Compatibility>
|    <w:BreakWrappedTables/>
|    <w:SnapToGridInCell/>
|    <w:WrapTextWithPunct/>
|    <w:UseAsianBreakRules/>
|   </w:Compatibility>
|   <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
| </w:WordDocument>
`----------

The interesting part is that you can leave this portion in the
document, while deleting the first quoted portion, and it works. You
can clearly see that the second quoted area shows the protection
method as <w:DocumentProtection>Comments</w:DocumentProtection>. The
first quoted portion (DocumentProperties) makes no reference to the
second portion (WordDocument), but the "hack", so to speak, works just
by deleting the first portion. My guess is it's something to do with
the way XML works, which I have no real experience with.

Now I agree that this isn't so much a flaw as it is an interesting
fluke. It particularly appeals to me because people around here (my
work) are way overly protective of everything. As a Systems Analyst, I
get a lot of requests by people who have received a document they need
to do something with, and a change needs to be made to it, but they
can't because the document creator protected it.

For clarity sake here is the entire document properties in the correct
order.

,------ [ Whole of XML for Document Properties ]
| <!--[if gte mso 9]><xml>
|  <o:DocumentProperties>
|   <o:Author>Leif Gregory</o:Author>
|   <o:LastAuthor>Leif Gregory</o:LastAuthor>
|   <o:Revision>2</o:Revision>
|   <o:TotalTime>12</o:TotalTime>
|   <o:Created>2003-06-17T16:10:00Z</o:Created>
|   <o:LastSaved>2003-06-17T16:10:00Z</o:LastSaved>
|   <o:Pages>1</o:Pages>
|   <o:Words>2</o:Words>
|   <o:Characters>14</o:Characters>
|   <o:Company>DOH</o:Company>
|   <o:Lines>1</o:Lines>
|   <o:Paragraphs>1</o:Paragraphs>
|   <o:CharactersWithSpaces>15</o:CharactersWithSpaces>
|   <o:Version>10.4219</o:Version>
|  </o:DocumentProperties>
| </xml><![endif]--><!--[if gte mso 9]><xml>
|  <w:WordDocument>
|   <w:SpellingState>Clean</w:SpellingState>
|   <w:GrammarState>Clean</w:GrammarState>
|   <w:DocumentProtection>Comments</w:DocumentProtection>
|   <w:TrackRevisions/>
|   <w:Compatibility>
|    <w:BreakWrappedTables/>
|    <w:SnapToGridInCell/>
|    <w:WrapTextWithPunct/>
|    <w:UseAsianBreakRules/>
|   </w:Compatibility>
|   <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
|  </w:WordDocument>
| </xml><![endif]-->
`----------


Take care.

-- 
Leif



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------