Issue 105852 - first start wizard: user data field "Initials" filled with account name
Status: CLOSED FIXED
Alias: None
Product: General
Classification: Code
Component: ui
Version: DEV300m59
Hardware: Sun All
Importance: P3 Trivial
Target Milestone: OOo 3.2
Assignee: Martin Hollmichel
QA Contact: issues@framework
URL:
Keywords: regression
Depends on:
Blocks: 99999
Reported: 2009-10-13 10:37 UTC by Oliver-Rainer Wittmann
Modified: 2017-05-20 10:28 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description Oliver-Rainer Wittmann 2009-10-13 10:37:32 UTC
Since DEV300m59 the user data field "Initials" is filled in advance with the
account name.
From my point of view this is a security issue, because the account name should
not be included by default in OOo.
Comment 1 Olaf Felka 2009-10-13 12:55:56 UTC
I'll announce this as a regression stopper.
Comment 2 carsten.driesner 2009-10-14 13:37:34 UTC
cd: I checked the changes made for OOo 3.2 and could see a fix from mh for
39230. This issue states "User installations should get preset values from
user's system account (first/last name, initials)". So I don't know what we want
to do here.

cd: Set mh on CC.

cd->mh: Could you please give me some more information.
Comment 3 Martin Hollmichel 2009-10-14 15:42:11 UTC
@od,of: can you please explain why this should be a security issue?
Comment 4 Oliver-Rainer Wittmann 2009-10-14 15:59:31 UTC
The account name is one essential part of the user's login information. When
it is included as initials in OOo, it can also be inserted via a text field into
the documents which are created in OOo. Thus, the user spreads part of his/her
login information to other users when sharing documents. This is in my opinion a
security issue.

BTW, under Windows also the domain name is included in the current default initials.
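
An added example, not part of the original thread or of the OOo code: a defensive check for the exposure Comment 4 describes, scanning an ODF package for author elements that hold the account name or a DOMAIN\user string. The element list, the function names and the sample values (CORP\jdoe) are assumptions constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

OFFICE = "urn:oasis:names:tc:opendocument:xmlns:office:1.0"
TEXT = "urn:oasis:names:tc:opendocument:xmlns:text:1.0"
DC = "http://purl.org/dc/elements/1.1/"
# Local names of ODF elements that carry author data (metadata and text fields).
AUTHOR_ELEMENTS = {"initial-creator", "creator", "author-name", "author-initials", "sender-initials"}
# DOMAIN\user or HOST\user, the shape the comments report for the Windows default.
DOMAIN_USER = re.compile(r"^[^\\\s]+\\[^\\\s]+$")


def find_account_leaks(odf_bytes, account_name):
    """Return sorted (member, element, value) for author elements exposing the login name."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for member in ("meta.xml", "content.xml"):
            if member not in pkg.namelist():
                continue
            for el in ET.fromstring(pkg.read(member)).iter():
                local = el.tag.rsplit("}", 1)[-1]
                value = (el.text or "").strip()
                if local not in AUTHOR_ELEMENTS or not value:
                    continue
                user_part = value.rsplit("\\", 1)[-1]
                if DOMAIN_USER.match(value) or user_part.lower() == account_name.lower():
                    hits.append((member, local, value))
    return sorted(hits)


def build_sample(initials, creator):
    """Constructed, minimal ODF-like package for the demo (not a complete document)."""
    meta = (f'<office:document-meta xmlns:office="{OFFICE}" xmlns:dc="{DC}"><office:meta>'
            f"<dc:creator>{creator}</dc:creator></office:meta></office:document-meta>")
    content = (f'<office:document-content xmlns:office="{OFFICE}" xmlns:text="{TEXT}">'
               "<office:body><office:text><text:p>"
               f"<text:author-initials>{initials}</text:author-initials>"
               "</text:p></office:text></office:body></office:document-content>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("meta.xml", meta)
        pkg.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_account_leaks(build_sample("CORP\\jdoe", "jdoe"), "jdoe"))
```
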
Comment 5 carsten.driesner 2009-10-15 09:17:44 UTC
cd: Add myself on CC.
Comment 6 mdxonefour 2009-10-15 10:29:19 UTC
MD: The current implementation fetches the current USERDOMAIN and USERNAME.
Those values do not fit into the Office user settings field INITIALS from my
point of view.

I understand the intention of this bugfix, but if we can't get any information
about INITIALS from the system, we should better leave this feature than
implementing it by using wrong data.

At least on Windows systems, no information about INITIALS is provided by the
system. A user account on Windows platform offers one string for FULLNAME and
one for USERNAME. Both are not INITIALS. We can't even use the FULLNAME string
in our Office fields NAME and SURNAME since we wouldn't know how to separate
parts from FULLNAME.

My recommendation is to turn this fix back and leave the fields empty from
automation point of view. Leave entering of user data up to the users as it was.

Regarding the idea to get information about which user has currently locked a
file, you may find a different approach to address that issue by directly
implementing this information about USERDOMAIN and USERNAME into the file
locking processes. But that is separated from properties discussed here.
Comment 7 merschmann 2009-11-06 11:44:42 UTC
I just installed m4 on Windows and had been offered <systemname>\<username> as
initials, which is completely nonsense.
If we are not able to pick the correct strings from the system (as md told), the
fields should be empty.

Please proceed here with a decision, this is still a showstopper for 3.2.
Comment 8 Martin Hollmichel 2009-11-10 11:01:23 UTC
ok, reverted the change due to heavy resistance :-)

but a few remarks:

@od,of: I don't think this is a security issue. It might be probably a privacy
issue since personal data (login name and probably login domain) are disclosed.
From my point of view the user has full control about these data so that I
consider the general protection of personal data fulfilled.

@md: there is no such system setting as initials in any computer system I know,
so I can't take them from the system. But anyhow I agree that initials indicate
some other thing than the login data, although it might be quite common, to use
the initials as login name.

@all: I still consider it useful to also reuse the login information in a
document as this also applies to the User Name.

@volkerme: I don't understand your comment at all, I don't think it is
completely nonsense to use the [domainname|systemname]\username in a heterogeneous
infrastructure. What about dropping the initial field at all?

anyhow, reverted that change as md decided.
Comment 9 Martin Hollmichel 2009-11-13 11:09:11 UTC
mark as verified.