• Categories

  • Wayback Machine

  • My Defunct Podcast

    The Bungee Line was an audio podcast for web developers, covering web API's, software development, and the creation of richly interactive web applications.

    podcast feed  Main Feed

OpenOffice.org Security and VBA Macros

Posted on August 22, 2006 by Ted Haeger

OpenOffice.org Calc IconA comment on my recent VBA Macros update asks several questions about security for macros in OpenOffice.org.

I asked Noel Power to help me out, and he graciously provided us with some brief answers to show some of what he is thinking about regarding security for macros.

  1. Are you guys going to do anything about security?
    Openoffice.org is serious about security. Recently a dedicated team has been set up to respond to security issues. That team are continually evaluating the security aspects of the application, some insightful comments from one of the Openoffice.org security experts can found here.
  2. Will you retrofit a carefully considered security model (like Java has) into VBA?
    No – it’s not sensible. Scripting in Openoffice.org is more than just Basic. How about Python bindings, etc.?
  3. Will you support digital signatures to help users decide whether to execute a particular document/program?
    Openoffice.org already supports signing of macros and you can configure the application so that only signed macros are allowed to be executed.
  4. How will you avoid importing VBA trojans and viruses to OO?
    Macro signing, querying the user before executing, macros. Enterprise-wide lock-down to manage those settings easily.

Filed under: Free Software, Novell |

« »

5 Responses

  1. FlyingGuy, on August 25, 2006 at 1:06 pm said:

    Hey guys,

    Here’s a thought… How about doing the Macro’s ala old school Word Perfect! No maybe its just me, but you could do damn near ANYTHING in theose EXCEPT screw around with the file system! You could not delete files, you could not call system functions, in short you were Sandboxed the old fashioned way, YOU COULD NOT GET TO THE OS!

    Some might say, but I need to be able to make calls to the OS cause I need to do stuff! Bologna! If you are doing mail merges this that or the other, then you could open a document that WP could open and *nothing* more.

    -FG

    Reply
  2. Ted Haeger, on August 25, 2006 at 1:59 pm said:

    FG:
    Your idea is solid enough, but I think I may not have been clear on why Novell is working on VBA support. Our goal is not to create a macro engine or language for OOo. It’s to provide better document compatability with Microsoft Office. We have found that many organizations need their Excel macros to work across all their desktop systems. Adoption of OpenOffice.org , and therefore desktop Linux, is hindered by this need. We’re working to fix that.
    I hope to post a more complete view of our OOo work in the next few days.
    –RT

    Reply

Leave a comment