[Libreoffice-ux-advise] [Bug 135508] Relative linked text sections should automatically read on document opening

Mon Jan 11 05:12:08 UTC 2021

https://bugs.documentfoundation.org/show_bug.cgi?id=135508

Mike Kaganski <mikekaganski at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #4 from Mike Kaganski <mikekaganski at hotmail.com> ---
(In reply to Heiko Tietze from comment #3)
> Understand this question as a security measure.

Absolutely. The request is out of question, because automatically reading an
external document (even local one) may lead to all kinds of security/privacy
issues, think about documents with URLs to sites that track your IP; the link
in fact could be in the document near the main one, if you received several
malicious documents in a ZIP, so links to local files are not safe.

> Could agree if author and current user are the same. Mike, what's your take?

An author/user name is not secure data; they are mainly for convenience. No one
prevents me from entering the same user name into my copy of LO, if I ever get
a sample document from you, and see the user name mentioned there (and even if
I never get a document from you, I may prepare several versions of malicious
documents with reasonably guessed user names). It could be only used in signed
documents, where you can have some level of confidence that the authors are
actually what it claims they are ... then how likely would it improve UX for
users who "have to (re-)open several documents a day"? Or is it reasonable that
users' documents reopened that often are all signed (likely finalized, or else
they will nag the users with a different question about "edits will invalidate
the signature")?

-- 
You are receiving this mail because:
You are on the CC list for the bug.