Re: Template Security

From: Rob Schneider (rmschne_at_removetheones_b1e1e1b.net.net)
Date: 08/03/04 

Date: Tue, 03 Aug 2004 21:06:14 +0100

Well ... Scot didn't say what risk he is worrying about. Hence I'm not
going to assume. Nor was I prepared to elaborate on why one would
protect a template. Never even entered my mind to discuss. Sorry you
seem disappointed that I should have done that. Protecting macros is a
good thing to do. Scot didn't say that, though.

I just was thinking that before one applies security/control, one needs
to define/understand the risk they are dealing with.

I've seen so many documents where people used pw to "protect" them, and
then they "forgot" and got locked out. There are many ways to control
things (I don't know what you mean by "anything") in a multi-user
environment without proliferation of passwords. Profilferation of
passwords is thought by many (and I'm in that camp) is security risk in
itself.

You imply (maybe I'm wrong) that you know of a way to "control
passwords" ... in a "multi-user enviornment". Is this a centralized
way? How do you keep track of the pw that anyone puts on a Word
document or template?

I agree Word does not provide appropriate security to deal with any
serious risk. Frankly, I hope they never ever provide this. Word is a
word processor and writing tool. I hope it stays that way. Mitigate
serious risks using other appropriate measures.

Hope this is useful to you. Let us know.

rms

Jezebel wrote:
> It seems perverse to say you'd "not bother" using a password for fear that
> you'll forget the password. There are downsides to password-protecting a
> template, but assuming we're dealing with a serious intentions, *that* isn't
> one of them. If you can't control your passwords then you can't control
> *anything* in a multi-user environment.
>
> Of course there are situations in which Word is not appropriate for
> controlling "high-risk transactions" -- all of them. As already stated Word
> doesn't even begin to provide security to deal with any serious risk.
>
> Your examples omit the most common reason for protecting the template:
> namely to hide the code, either to prevent someone stealing it outright, or
> to prevent them duplicating it and then running it with modifications.
> Write-protecting the file or folder obviously won't help with that.
>
>
>
>
> "Rob Schneider" <rmschne@removetheones_b1e1e1b.net.net> wrote in message
> news:Os9TOMSeEHA.236@tk2msftngp13.phx.gbl...
>
>>This probably would work, but I guess I would not bother since it runs
>>risk of this password being forgotten and then everyone is locked out of
>>the template file.
>>
>>I would recommend you step back and figure out what risk you are
>>concerned with and then mitigate that risk.
>>
>>If you are concerned that someone will change the template so that it it
>>is messed up for future users ... then consider protecting the template
>>file via the server permissions to ensure users can't write back to the
>>source template file.
>>
>>If you are concerned that someone will change modify the document on
>>which the template is based and do something "bad" ... then this a
>>different risk. I can imagine where this would be very easy to do no
>>matter what permissions/security you put on the template. In certain
>>situations I can also imagine where Word would not be the appropriate
>>tool for controlling high-risk transactions.
>>
>>Bottom line: focus on the "what", then work the "how".
>>
>>Hope this is useful to you. Let us know.
>>
>>rms
>>
>>
>>
>>
>>Jezebel wrote:
>>
>>>Open the template itself. Switch to VBA. Select the template project in
>
> the
>
>>>Project Explorer window. Go to Tools > Project Properties. Select the
>>>Protection tab. Enter a password.
>>>
>>>Note that this is not brilliant security: it's sufficient to prevent
>
> most
>
>>>unauthorised access, but it is defeatable.
>>>
>>>
>>>
>>>
>>>"Scott" <scott.birch@sai-global.com> wrote in message
>>>news:9e5101c4790e$8a88ca20$a401280a@phx.gbl...
>>>
>>>
>>>>Hi All,
>>>>
>>>>Does anyone know of a way in which I can password protect
>>>>a template so that it can't be modified by an unauthorised
>>>>user?
>>>>
>>>>I have looked into password protecting the document via
>>>>the "password to Modify" switch, but this can be easily
>>>>removed by a user and also presents users with a message
>>>>box whenever they open a document based on the template.
>>>>
>>>>It would be preferable if no macros, styles or autotext
>>>>could be modified by an unauthorised user.
>>>>
>>>>Kind Regards,
>>>>
>>>>Scott
>>>
>>>
>>>
>
>

Relevant Pages

  • Re: Template Security
    ... I would recommend you step back and figure out what risk you are ... If you are concerned that someone will change the template so that it it ... source template file. ... >>Does anyone know of a way in which I can password protect ...
    (microsoft.public.word.docmanagement)
  • Re: Delete single newline between tables
    ... automation system has complete control over the content of the ... any more risk than the "blank line between tables" solution. ... touch the template prior to the document being created from it, ... There's no way to get rid of the newline itself, ...
    (microsoft.public.word.vba.general)
  • Re: Template Security
    ... If you can't control your passwords then you can't control ... doesn't even begin to provide security to deal with any serious risk. ... Your examples omit the most common reason for protecting the template: ... > source template file. ...
    (microsoft.public.word.docmanagement)
  • Re: Word XP "/t" Switch Now Results in Errors
    ... When you open Word using the /t switch, it does not open the template; ... There is no risk of saving ...
    (microsoft.public.word.application.errors)
  • Re: How to restore IE from the automatic download of files
    ... now I've just turned the whole security to the "Medium" risk default ... template). ...
    (microsoft.public.windowsxp.general)