Difference between revisions of "Security/Document Integrity"
Line 11: | Line 11: | ||
== Check ODF integrity in OOo 3.2 == | == Check ODF integrity in OOo 3.2 == | ||
− | Assuming that the conformance clause above will be added to the ODF specification, OOo should warn when loading documents | + | Assuming that the conformance clause above will be added to the ODF specification, OOo should warn when loading documents containing streams not registered in manifest.xml.(issue #XXXXX)<br> |
This shouldn't be a problem for older documents (written with OOo), because OOo is already registering all files in manifest.xml | This shouldn't be a problem for older documents (written with OOo), because OOo is already registering all files in manifest.xml |
Revision as of 10:15, 10 July 2009
The best way to ensure document integrity is to digitally sign the documents.
But most people won't do it, or even don't have the infrastructure for this, so there should be some light weight mechanism for checking the document integrity
ODF conformance clause
The ODF specification should have some conformance clause, that all files, maybe except package meta data in META-INF folder, must be registered in manifest.xml.
When this is defined, an ODF application should not load any files which are not registered in manifest, or show a warning to the user.
Check ODF integrity in OOo 3.2
Assuming that the conformance clause above will be added to the ODF specification, OOo should warn when loading documents containing streams not registered in manifest.xml.(issue #XXXXX)
This shouldn't be a problem for older documents (written with OOo), because OOo is already registering all files in manifest.xml