Difference between revisions of "Security/Document Integrity"
| Line 5: | Line 5: | ||
== ODF conformance clause == | == ODF conformance clause == | ||
| − | The ODF specification should have some conformance clause, that all files, except package meta data in META-INF folder (signature streams for example), must be registered in manifest.xml. | + | The ODF specification should have some conformance clause, that all files, except package meta data in META-INF folder (signature streams for example) and the mimetype stream, must be registered in manifest.xml. |
When this is defined, an ODF application should not load any files which are not registered in manifest, or show a warning to the user. | When this is defined, an ODF application should not load any files which are not registered in manifest, or show a warning to the user. | ||
Revision as of 10:20, 10 July 2009
The best way to ensure document integrity is to digitally sign the documents.
But most people won't do it, or even don't have the infrastructure for this, so there should be some light weight mechanism for checking the document integrity
ODF conformance clause
The ODF specification should have some conformance clause, that all files, except package meta data in META-INF folder (signature streams for example) and the mimetype stream, must be registered in manifest.xml.
When this is defined, an ODF application should not load any files which are not registered in manifest, or show a warning to the user.
Check ODF integrity in OOo 3.2
Assuming that the conformance clause above will be added to the ODF specification, OOo should warn when loading documents containing streams not registered in manifest.xml.(issue #XXXXX)
This shouldn't be a problem for older documents (written with OOo), because OOo is already registering all files in manifest.xml
