PRB: Password Protected Word Documents May be Edited If Opened by OLE (810580)



The information in this article applies to:

  • Microsoft Word 2002
  • Microsoft Word 2000
  • Microsoft Word 97 for Windows

SUMMARY

Documents that are created in Word and that use the Modify Password option to prevent editing or saving changes can be opened and modified without the password. This may occur if the document is opened by an OLE client that uses IOleObject::DoVerb with the Open verb. A user can then edit or save the document without knowing the password.

STATUS

This behavior is by design.

MORE INFORMATION

Word provides a Modify Password option as a non-secure method of preventing accidental modification of a document. You can find this Modify Password option on the Tools menu if you click Options. The Modify Password option sets a flag that prevents Word from letting users edit and save the document unless they supply the password that clears the flag. However, the Modify Password option does not use encryption, so any application that chooses to ignore the flag can bypass it. Word grants edit access to an OLE host that requests access.

If you must protect documents from being edited by outside applications or processes, you must provide an Open Password instead. The Open Password option encrypts the file by using the strongest encryption that is available on the computer at the time of the Save. Without strong encryption, you cannot prevent another application from gaining modify access to a document.
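The following audit helper is an added example, not code from this article or from Microsoft. It reports whether a Word 97-2002 binary document relies only on the Modify Password flag or is actually encrypted. It assumes the flag bit positions of the FibBase structure in the Word binary file format, and that the caller has already extracted the WordDocument stream from the OLE compound file; classify_fib, make_fib and the verdict strings are hypothetical names.

```python
import struct
from dataclasses import dataclass

# Assumed layout: FibBase at the start of the WordDocument stream,
# wIdent at offset 0x00, the 16-bit flag word at offset 0x0A.
WORD_IDENT = 0xA5EC
F_ENCRYPTED = 0x0100             # content is encrypted or obfuscated (Open Password)
F_READONLY_RECOMMENDED = 0x0400
F_WRITE_RESERVATION = 0x0800     # write-reservation (Modify) password is set
F_OBFUSCATED = 0x8000            # only meaningful with F_ENCRYPTED: XOR obfuscation

@dataclass
class Protection:
    encrypted: bool
    xor_obfuscated: bool
    write_reservation: bool
    read_only_recommended: bool

    @property
    def verdict(self) -> str:
        # Encryption takes priority: a file may carry both passwords.
        if self.encrypted and not self.xor_obfuscated:
            return "encrypted"
        if self.encrypted:
            return "weak-xor"
        if self.write_reservation:
            return "modify-password-only"   # a flag only, no encryption
        return "unprotected"

def classify_fib(stream: bytes) -> Protection:
    """Classify protection from the first bytes of the WordDocument stream."""
    if len(stream) < 12:
        raise ValueError("too short to contain the FibBase flags")
    ident, = struct.unpack_from("<H", stream, 0x00)
    if ident != WORD_IDENT:
        raise ValueError(f"not a Word binary FIB (wIdent={ident:#06x})")
    flags, = struct.unpack_from("<H", stream, 0x0A)
    enc = bool(flags & F_ENCRYPTED)
    return Protection(enc, enc and bool(flags & F_OBFUSCATED),
                      bool(flags & F_WRITE_RESERVATION),
                      bool(flags & F_READONLY_RECOMMENDED))

def make_fib(flags: int) -> bytes:
    """Constructed sample input: a minimal 12-byte FibBase prefix."""
    return struct.pack("<HHHHHH", WORD_IDENT, 0x00C1, 0, 0x0409, 0, flags)

if __name__ == "__main__":
    for name, flags in [("plain", 0), ("modify", F_WRITE_RESERVATION),
                        ("open", F_ENCRYPTED)]:
        print(name, classify_fib(make_fib(flags)).verdict)
```

A "modify-password-only" verdict marks a document whose edit restriction any OLE host can ignore; only the "encrypted" verdict corresponds to the Open Password protection recommended above.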

REFERENCES

For additional information about related problems that are caused by this design, click the following article number to view the article in the Microsoft Knowledge Base:

209638 WD: No Password Prompt for "Modify" in Mail Client


Modification Type: Major
Last Reviewed: 4/29/2003
Keywords: kbprb KB810580 kbAudDeveloper