4 Security Considerations
4.1 Security Considerations for Implementers
The password verifier features available in the file format are used to prevent accidental modification, rather than being used as security features. It is possible to remove the passwords by removing the records containing the verifier values.
The translation of passwords from a double-byte Unicode string to a new character string in the ANSI code page of the current system converts any Unicode character that cannot be mapped to the ANSI code page of the current system to the 0x3F character in that code page, as described in [ISO/IEC29500-1:2011] section 18.2.29. Replacing these characters with "0x3F" when the hash is verified will generate positive hash value matches. In certain locales, this can be a significant portion of the everyday character set (1).
Further security considerations regarding the file encryption algorithms are described in [MS-OFFCRYPTO] section 4.1.3.
4.2 Index of Security Fields
None.
5 Appendix A: Full XML Schema
For ease of implementation, this section provides the full W3C XML schemas for the new elements, attributes, complex types, and simple types specified in the earlier sections. Any schema references to namespaces included in Office Open XML file formats as described in [ISO/IEC29500:2011] refer specifically to the transitional schemas as described in [ISO/IEC29500-4:2011].
For ease of implementation, the following sections provide the full XML schema for this protocol.
Schema name
|
Prefix
|
Section
|
schemas.microsoft.com/office/excel/2006/main
|
|
section 5.1
|
schemas.microsoft.com/office/drawing/2010/slicer
|
|
section 5.2
|
schemas.microsoft.com/office/spreadsheetml/2010/11/main
|
|
section 5.3
|
schemas.microsoft.com/office/spreadsheetml/2009/9/main
|
|
section 5.4
|
schemas.microsoft.com/office/spreadsheetml/2009/9/ac
|
|
section 5.5
|
xl12AcSchemaUri
|
|
section 5.6
|
schemas.microsoft.com/office/drawing/2012/timeslicer
|
|
section 5.7
|
5.1 http://schemas.microsoft.com/office/excel/2006/main Schema
5.2 http://schemas.microsoft.com/office/drawing/2010/slicer Schema
5.3 http://schemas.microsoft.com/office/spreadsheetml/2010/11/main Schema
Dostları ilə paylaş: |