A comment on my recent VBA Macros update asks several questions about security for macros in OpenOffice.org.
I asked Noel Power to help me out, and he graciously provided us with some brief answers to show some of what he is thinking about regarding security for macros.
- Are you guys going to do anything about security?
Openoffice.org is serious about security. Recently a dedicated team has been set up to respond to security issues. That team are continually evaluating the security aspects of the application, some insightful comments from one of the Openoffice.org security experts can found here.
- Will you retrofit a carefully considered security model (like Java has) into VBA?
No - it’s not sensible. Scripting in Openoffice.org is more than just Basic. How about Python bindings, etc.?
- Will you support digital signatures to help users decide whether to execute a particular document/program?
Openoffice.org already supports signing of macros and you can configure the application so that only signed macros are allowed to be executed.
- How will you avoid importing VBA trojans and viruses to OO?
Macro signing, querying the user before executing, macros. Enterprise-wide lock-down to manage those settings easily.