Office suite security is hard
Posted Jun 14, 2007 9:28 UTC (Thu) by MathFox
In reply to: BadBunny? Only if you invite it in
Parent article: BadBunny? Only if you invite it in
For programmers (and I include the developers of office suite scripts in this group) it is great to have a powerful programming language with easy access to the features they may need, like local file access, network access, GUI elements, etc. This will quickly lead to Turing- and virus-complete scripting languages.
Making effective macro control polices is hard. Imagine a technical writer at a software firm who has to do a fact sheet for the company website, referring to some (confidential) design documents. One would want to remove the ability to connect to outside websites from the confidential documents (to prevent information leaks) while allowing an upload of the HTML code to the company external website.
With tools for macro access control (controlling which functionality macros may access depending on the type of document) one can implement a security policy. An macro on/off switch is too crude, those tools have to be more sophisticated than that; people should be able to do their work effectively.
to post comments)