Stealth Mode

Browsers and email clients typically offer a mode in which automatic access to remote content (like loading a linked graphic) is blocked. This helps improve both privacy (so the other end cannot track you opened a document that contains a well-crafted link) and security (when there are exploitable bugs in rendering certain graphics formats, say). And the demand to offer such a “stealth mode” for LibreOffice, too, naturally arises from that.
Upcoming LibreOffice¬†4.2 will start to offer this feature in stealth mode, so to say. The Options dialog’s “Security – Options…” page contains a new “Block any links from documents not among the trusted locations” check box, using the list of trusted locations managed on the “Security – Macro Security… – Trusted Sources” page. When enabled, a matching document’s references to any external entities are not resolved. This includes resources like linked graphics, movies, and sounds, references to external settings like color and gradient tables, and ODF’s “auto-reload” feature.

securityoptins

But in its current form this is more of a proof-of-concept than a fully fleshed-out feature (and hence comes in stealth mode for now):

  • Managing the mode is awkward. You likely want to select this more interactively on a case-by-case basis (probably in addition to a more static setting of which locations to always/never put under this treatment).
  • An unresolved link cannot easily be resolved manually afterwards. For example, an unloaded graphic is represented as an unclickable hyperlink, and there is no way to explicitly load it later.
  • All of a document’s external references are treated the same. It does not make a difference whether they come from the same origin as the document itself or reference the default color table, for example.
  • While the implementation tries to be thorough, it might not yet have identified all places in the code where access to external resources needs to be blocked.

So consider this a starting point from wich a truly useful feature will emerge over time. And feel free to try it out and give feedback, of course.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s