Security Basics mailing list archives
Re: password protection in office XP documents
From: Brian Eckman <eckman () umn edu>
Date: Mon, 16 Jun 2003 08:45:22 -0500
security () rexwire com wrote: > Why has Microsoft bothered putting document protection in their > application? It takes 5 seconds to by pass it. Let me make sure I understand what you are saying.
Save a office document (that has document protection) as a .html document and than edit the page in a html editor, remove everything between the <o:DocumentProperties> </style>. Now open this page in word and all the protection is gone. No need to know the password.
If you had the office document open, which AFAIK you need to do in order to save it as HTML, then don't you already know the password? If not, how did you open it and save it as HTML without knowing the password? That would be a flaw worth noting.
If you have the document open, you can remove the password from within the Office application. It would be a lot faster.
Microsoft evens documents this in their help file. Should this not be considered a security violation from a user point of view SKP
I fail to see any flaw in what you have listed. Am I missing something? Or are you expecting Office to allow you to password protect HTML files? I don't believe it claims to do that, and it shouldn't be a surprise that it cannot do that.
If you want to use it's "protection", leave it in .doc format. Passwords are still crackable with the right software, but that isn't news.
-- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota 612-626-7737 "There are 10 types of people in this world. Those who understand binary and those who don't." --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Current thread:
- password protection in office XP documents security (Jun 13)
- RE: password protection in office XP documents Larry Seltzer (Jun 16)
- Re: password protection in office XP documents Brian Eckman (Jun 16)
- Re: password protection in office XP documents Leif Gregory (Jun 16)
- Re: password protection in office XP documents Brian Eckman (Jun 17)
- Re: password protection in office XP documents Leif Gregory (Jun 17)
- Re: password protection in office XP documents Brian Eckman (Jun 17)
- RE: password protection in office XP documents security (Jun 18)
- Re: password protection in office XP documents Brian Eckman (Jun 18)
- RE: password protection in office XP documents security (Jun 18)
- Re: password protection in office XP documents Leif Gregory (Jun 16)
- <Possible follow-ups>
- Re: password protection in office XP documents John Benstead (Jun 16)
- RE: password protection in office XP documents matt willson (Jun 16)
- RE: password protection in office XP documents news.ajanas (Jun 17)
- RE: password protection in office XP documents matt willson (Jun 16)