|Summary:||Creating HTML MailMerge Appends Database records to the Bottom of the File|
|Product:||[Fedora] Fedora||Reporter:||Eli Wapniarski <eli>|
|Component:||openoffice.org||Assignee:||Caolan McNamara <caolanm>|
|Status:||CLOSED INSUFFICIENT_DATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2009-02-22 23:18:59 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Eli Wapniarski 2009-02-20 20:07:36 UTC
As I indicate when I create an HTML mailmerge to an email the file created has appended to the bottom of the all records of the database. I will leave this up to your determination as to whether or not this is a security issue.
Comment 1 Caolan McNamara 2009-02-22 23:18:59 UTC
"the file created has appended to the bottom of the all records of the database." I don't understand the problem, can you re-phrase this with all the steps you used to arrive at a situation where you think there "is a security issue."
Comment 2 Eli Wapniarski 2009-02-23 05:56:41 UTC
Tools -> MailMerge -> Use the current document -> Next E-mail message -> Next Select Address List (Select the Address database and table that you want Filter if you want to by click on filter) -> Next (Create a salutation if you want to) -> Next (Preview and edit the document if you want to) -> Next (Personalize the mail merge) -> Edit individual document -> Scroll down the document and records in the database are in the document in table form ready to be sent along with the document (Note: this could be a result of filtering since before I make myself look silly I need to check if things look OK so I'm sending a mailmerge email to myself). -> Next POTENTIAL SECURITY ISSUE If the personalized data of other people are accidentally sent via email that data could potentially be sensitive or confidential. In such a case, it could disastrous if that data got out don't you think.
Comment 3 Caolan McNamara 2009-02-23 09:47:08 UTC
Getting the entire contents of the database dumped at the end of the file sent out to everyone included in the mail merge would definitely be a bug, but this doesn't happen for me though when I try it from scratch
Comment 4 Eli Wapniarski 2009-02-23 10:28:35 UTC
Try filtering out 1 email address from the list.