If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
I'm wondering if .pdf would be better. That's what the government
uses mostly it seems. Word docs are too difficult to protect (make read-only): requires IRM which requires Server 2003 or passport accounts for recipients and browser client and doubles file size. Does it really take that much technology to make a doc readonly??!! Is PDF the simpler solution to sending protected documents outside of a company (to clients, for example: contracts)? Tony |
#2
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
Hi Tony
This topic is often discussed in the newsgroups. You're correct... sort of. Word was always designed to be an *editor* -- a program for creating and modifying documents. Any efforts to make Word documents uneditable are really fighting the nature if the thing. PDF was designed as a display/print format. Unless you have the full Acrobat authoring program, it is (or was, until recently) fairly hard to modify an existing PDF file. There are now a number of programs, mostly optical character recognition (OCR), that can easily turn a PDF file into a Word file, making PDF considerably less secure than you think. And it was always possibly to print the PDF and then scan/OCR the paper copy. The rule to remember is "if I can read your document, I can alter it." The only electronic document that's really safe from tampering is the one you never send to anyone. If it's a matter of legal proof, use paper or escrow the documents with a third party. "tony" wrote: I'm wondering if .pdf would be better. That's what the government uses mostly it seems. Word docs are too difficult to protect (make read-only): requires IRM which requires Server 2003 or passport accounts for recipients and browser client and doubles file size. Does it really take that much technology to make a doc readonly??!! Is PDF the simpler solution to sending protected documents outside of a company (to clients, for example: contracts)? Tony -- Regards, Jay Freedman Microsoft Word MVP FAQ: http://www.mvps.org/word |
#3
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
"Jay Freedman" wrote in message ... Hi Tony This topic is often discussed in the newsgroups. You're correct... sort of. Word was always designed to be an *editor* -- a program for creating and modifying documents. Any efforts to make Word documents uneditable are really fighting the nature if the thing. PDF was designed as a display/print format. Unless you have the full Acrobat authoring program, it is (or was, until recently) fairly hard to modify an existing PDF file. There are now a number of programs, mostly optical character recognition (OCR), that can easily turn a PDF file into a Word file, making PDF considerably less secure than you think. And it was always possibly to print the PDF and then scan/OCR the paper copy. The rule to remember is "if I can read your document, I can alter it." The only electronic document that's really safe from tampering is the one you never send to anyone. If it's a matter of legal proof, use paper or escrow the documents with a third party. So you're saying that the following scenario cannot be had: I create a contract of some sort, protect it, email it to a client, have them print it out, sign it and send it back to me via snail mail. I have no way of knowing if an "or" was changed to "and" somewhere in the document by any means available. OK, understood. But what if I just wanted it to be NOT SO EASY to exploit? Couldn't it be made much more simpler than IRM? What does IRM get me that some kind of password read-only protection couldn't get me? The problem with "read-only" in Word is that it's still copyable and saveable, especially form fields are hard to protect. Why can't MS implement real read-only where no caret would even show up in the doc and no cut-n-paste or save as another file would be allowed without the password? Isn't this very fundamental (sending a contract or other document to someone outside of the company!)? I just don't understand why it has to be so difficult and so imposing on authors and recipients (I need a service to send a read-only doc or receive one? Ouch!). I'm trying to give a client of mine this functionality and am now looking at conversion to PDF via a print driver as a simpler solution than IRM to get read-only functionality. If I would have known this would become an issue, I may have chosen Acrobat to begin with rather than Word. Certainly I'm going to be asked by the client why I selected Word in the first place if we end up converting to PDF in then end. Tony "tony" wrote: I'm wondering if .pdf would be better. That's what the government uses mostly it seems. Word docs are too difficult to protect (make read-only): requires IRM which requires Server 2003 or passport accounts for recipients and browser client and doubles file size. Does it really take that much technology to make a doc readonly??!! Is PDF the simpler solution to sending protected documents outside of a company (to clients, for example: contracts)? Tony -- Regards, Jay Freedman Microsoft Word MVP FAQ: http://www.mvps.org/word |
#4
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
"tony" wrote in message ... "Jay Freedman" wrote in message ... Hi Tony This topic is often discussed in the newsgroups. You're correct... sort of. Word was always designed to be an *editor* -- a program for creating and modifying documents. Any efforts to make Word documents uneditable are really fighting the nature if the thing. PDF was designed as a display/print format. Unless you have the full Acrobat authoring program, it is (or was, until recently) fairly hard to modify an existing PDF file. There are now a number of programs, mostly optical character recognition (OCR), that can easily turn a PDF file into a Word file, making PDF considerably less secure than you think. And it was always possibly to print the PDF and then scan/OCR the paper copy. The rule to remember is "if I can read your document, I can alter it." The only electronic document that's really safe from tampering is the one you never send to anyone. If it's a matter of legal proof, use paper or escrow the documents with a third party. So you're saying that the following scenario cannot be had: I create a contract of some sort, protect it, email it to a client, have them print it out, sign it and send it back to me via snail mail. I have no way of knowing if an "or" was changed to "and" somewhere in the document by any means available. OK, understood. But what if I just wanted it to be NOT SO EASY to exploit? Couldn't it be made much more simpler than IRM? What does IRM get me that some kind of password read-only protection couldn't get me? The problem with "read-only" in Word is that it's still copyable and saveable, especially form fields are hard to protect. Why can't MS implement real read-only where no caret would even show up in the doc and no cut-n-paste or save as another file would be allowed without the password? Isn't this very fundamental (sending a contract or other document to someone outside of the company!)? I just don't understand why it has to be so difficult and so imposing on authors and recipients (I need a service to send a read-only doc or receive one? Ouch!). I'm trying to give a client of mine this functionality and am now looking at conversion to PDF via a print driver as a simpler solution than IRM to get read-only functionality. If I would have known this would become an issue, I may have chosen Acrobat to begin with rather than Word. Certainly I'm going to be asked by the client why I selected Word in the first place if we end up converting to PDF in then end. Tony Actually, the functionality I want is available for NON-FORM documents by including a non-editable form field and then protecting the form. The problem is that I want that kind of protection for FORMS. What good would sending a "protected" invoice doc with editable form fields be?! Is there a way to get the functionality? Is this a bug/oversight in Word? Tony |
#5
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
Well, you choose Word because you can't (practically) *create* documents in
Acrobat. -- Suzanne S. Barnhill Microsoft MVP (Word) Words into Type Fairhope, Alabama USA Word MVP FAQ site: http://word.mvps.org Email cannot be acknowledged; please post all follow-ups to the newsgroup so all may benefit. "tony" wrote in message ... "Jay Freedman" wrote in message ... Hi Tony This topic is often discussed in the newsgroups. You're correct... sort of. Word was always designed to be an *editor* -- a program for creating and modifying documents. Any efforts to make Word documents uneditable are really fighting the nature if the thing. PDF was designed as a display/print format. Unless you have the full Acrobat authoring program, it is (or was, until recently) fairly hard to modify an existing PDF file. There are now a number of programs, mostly optical character recognition (OCR), that can easily turn a PDF file into a Word file, making PDF considerably less secure than you think. And it was always possibly to print the PDF and then scan/OCR the paper copy. The rule to remember is "if I can read your document, I can alter it." The only electronic document that's really safe from tampering is the one you never send to anyone. If it's a matter of legal proof, use paper or escrow the documents with a third party. So you're saying that the following scenario cannot be had: I create a contract of some sort, protect it, email it to a client, have them print it out, sign it and send it back to me via snail mail. I have no way of knowing if an "or" was changed to "and" somewhere in the document by any means available. OK, understood. But what if I just wanted it to be NOT SO EASY to exploit? Couldn't it be made much more simpler than IRM? What does IRM get me that some kind of password read-only protection couldn't get me? The problem with "read-only" in Word is that it's still copyable and saveable, especially form fields are hard to protect. Why can't MS implement real read-only where no caret would even show up in the doc and no cut-n-paste or save as another file would be allowed without the password? Isn't this very fundamental (sending a contract or other document to someone outside of the company!)? I just don't understand why it has to be so difficult and so imposing on authors and recipients (I need a service to send a read-only doc or receive one? Ouch!). I'm trying to give a client of mine this functionality and am now looking at conversion to PDF via a print driver as a simpler solution than IRM to get read-only functionality. If I would have known this would become an issue, I may have chosen Acrobat to begin with rather than Word. Certainly I'm going to be asked by the client why I selected Word in the first place if we end up converting to PDF in then end. Tony "tony" wrote: I'm wondering if .pdf would be better. That's what the government uses mostly it seems. Word docs are too difficult to protect (make read-only): requires IRM which requires Server 2003 or passport accounts for recipients and browser client and doubles file size. Does it really take that much technology to make a doc readonly??!! Is PDF the simpler solution to sending protected documents outside of a company (to clients, for example: contracts)? Tony -- Regards, Jay Freedman Microsoft Word MVP FAQ: http://www.mvps.org/word |
#6
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
A document doesn't have to have form fields to be protected as a form, but
this type of protection is easily defeated merely by using Insert | File to insert it into a new blank document. -- Suzanne S. Barnhill Microsoft MVP (Word) Words into Type Fairhope, Alabama USA Word MVP FAQ site: http://word.mvps.org Email cannot be acknowledged; please post all follow-ups to the newsgroup so all may benefit. "tony" wrote in message ... "tony" wrote in message ... "Jay Freedman" wrote in message ... Hi Tony This topic is often discussed in the newsgroups. You're correct... sort of. Word was always designed to be an *editor* -- a program for creating and modifying documents. Any efforts to make Word documents uneditable are really fighting the nature if the thing. PDF was designed as a display/print format. Unless you have the full Acrobat authoring program, it is (or was, until recently) fairly hard to modify an existing PDF file. There are now a number of programs, mostly optical character recognition (OCR), that can easily turn a PDF file into a Word file, making PDF considerably less secure than you think. And it was always possibly to print the PDF and then scan/OCR the paper copy. The rule to remember is "if I can read your document, I can alter it." The only electronic document that's really safe from tampering is the one you never send to anyone. If it's a matter of legal proof, use paper or escrow the documents with a third party. So you're saying that the following scenario cannot be had: I create a contract of some sort, protect it, email it to a client, have them print it out, sign it and send it back to me via snail mail. I have no way of knowing if an "or" was changed to "and" somewhere in the document by any means available. OK, understood. But what if I just wanted it to be NOT SO EASY to exploit? Couldn't it be made much more simpler than IRM? What does IRM get me that some kind of password read-only protection couldn't get me? The problem with "read-only" in Word is that it's still copyable and saveable, especially form fields are hard to protect. Why can't MS implement real read-only where no caret would even show up in the doc and no cut-n-paste or save as another file would be allowed without the password? Isn't this very fundamental (sending a contract or other document to someone outside of the company!)? I just don't understand why it has to be so difficult and so imposing on authors and recipients (I need a service to send a read-only doc or receive one? Ouch!). I'm trying to give a client of mine this functionality and am now looking at conversion to PDF via a print driver as a simpler solution than IRM to get read-only functionality. If I would have known this would become an issue, I may have chosen Acrobat to begin with rather than Word. Certainly I'm going to be asked by the client why I selected Word in the first place if we end up converting to PDF in then end. Tony Actually, the functionality I want is available for NON-FORM documents by including a non-editable form field and then protecting the form. The problem is that I want that kind of protection for FORMS. What good would sending a "protected" invoice doc with editable form fields be?! Is there a way to get the functionality? Is this a bug/oversight in Word? Tony |
#7
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
But what if I just wanted it to be NOT SO EASY to exploit? Couldn't it be made much more simpler than IRM? What does IRM get me that some kind of password read-only protection couldn't get me? The problem with "read-only" in Word is that it's still copyable and saveable, especially form fields are hard to protect. Why can't MS implement real read-only where no caret would even show up in the doc and no cut-n-paste or save as another file would be allowed without the password? Isn't this very fundamental (sending a contract or other document to someone outside of the company!)? I just don't understand why it has to be so difficult and so imposing on authors and recipients (I need a service to send a read-only doc or receive one? Ouch!). I can't speak for MS, but the fundamental issue is that there's no point trying to create a truly read-only document. For most purposes, 'sort-of' security is worse than none at all. As MS have learnt to their cost, giving users a false sense of security is unwise. In any case, no matter what you do, if someone wants to create a changed version of your document they can always retype the damned thing and make any changes they like. Or OCR it, or print it to a file, or make it a point of pride to defeat your security. If you need to check if a document was changed by the reader, you need to compare versions with your original. |
#8
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
"Suzanne S. Barnhill" wrote in message ... A document doesn't have to have form fields to be protected as a form, but this type of protection is easily defeated merely by using Insert | File to insert it into a new blank document. Even that is better than having the document directly editable though. Anyone changing a doc with the insert trick would have a tough time saying it was an accident. The question becomes though why this loophole is in Word to begin with. Tony |
#9
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
"Suzanne S. Barnhill" wrote in message ... Well, you choose Word because you can't (practically) *create* documents in Acrobat. I thought it was just another word processor (?). Tony |
#10
|
|||
|
|||
Office/Word not a good tool for read-only emailed docs?
"Jezebel" wrote in message ... But what if I just wanted it to be NOT SO EASY to exploit? Couldn't it be made much more simpler than IRM? What does IRM get me that some kind of password read-only protection couldn't get me? The problem with "read-only" in Word is that it's still copyable and saveable, especially form fields are hard to protect. Why can't MS implement real read-only where no caret would even show up in the doc and no cut-n-paste or save as another file would be allowed without the password? Isn't this very fundamental (sending a contract or other document to someone outside of the company!)? I just don't understand why it has to be so difficult and so imposing on authors and recipients (I need a service to send a read-only doc or receive one? Ouch!). I can't speak for MS, but the fundamental issue is that there's no point trying to create a truly read-only document. For most purposes, 'sort-of' security is worse than none at all. That's what is there though. As MS have learnt to their cost, giving users a false sense of security is unwise. I don't see anything wrong with providing read-only as long as the level of security is documented (it could even be build into a wizard or something so there would be no chance of anyone misapplying it). Certainly there's a whole bunch of people doing the convert-to-pdf thing and that doesn't reflect well on Word since it appears incomplete. In any case, no matter what you do, if someone wants to create a changed version of your document they can always retype the damned thing and make any changes they like. Or OCR it, or print it to a file, or make it a point of pride to defeat your security. Yeah, but that would be extreme and take time and would probably be prosecutable. What recourse does a creator have if he sends an editable document: none! It's easily editable, the recipient could say, so you must have INTENDED for me to make modifications as I see fit! See, there is a place for read-only. you need to check if a document was changed by the reader, you need to compare versions with your original. Yep. And that may be a missing link in Word too: OCR and then verification of the result or something like that. People now DO the "send it away and get it back in the mail and then hold it up to the light against the original" thing so why not get that process under control? The whole discussion may be moot anyway though because Word file sizes are so large. Even if MS "fixed" the read-only problems, conversion to PDF would probably still be a better solution. I'm investigating that alternative now. I may have to look at digital signature technology and stuff before this is all over, but I think that would again impose too much upon the creator and recipient for the level of "security" required here. Tony |
Thread Tools | |
Display Modes | |
|
|