audreyt / ethercalc

Node.js port of Multi-user SocialCalc
https://ethercalc.net

Feature: password authentification per spreadsheet #294

Open xshadow opened 8 years ago

xshadow commented 8 years ago

It would be great to have the opportunity that users/authors of a spreadsheet could set a password for accessing their sheet.

Most of the time spreadsheets are used to organize stuff and they contain sensitive data, which should not be exposed to the web.

In addition to the random url, it would be great if the author of the spreadsheet could set a password on his/her own.

Delegating the auth mechanism to apache / nginx as described in #4, #166 is only an option for the server administrator and not for the users.

audreyt commented 8 years ago

This is really the role of a CMS and at this point our recommendation is to use http://sandstorm.io/ which has a very fine-grained (read-only and read-write) ACL model.

However pull requests or REST API design documents are still welcome!

jeromegit commented 8 years ago

+1 on this! Being able to pull authentication information from ActiveDirectory/LDAP would be great!

xshadow commented 8 years ago

I think it does not have to be delegated to a CMS, because I don't think about user rights and ACL models.

I imagine password protection per spreadsheet.

For example a check box where you can activate password protection and have to set the password.

The password is stored in the spreadsheet data and gets evaluated if someone wants to access this spreadsheet.

almet commented 8 years ago

Having the spreadsheets password protected would be very useful. On the field, there are many users that would benefit from this feature.

@audreyt I would be keen to work on a patch for this, but need some guidance as to where to start. Would you be so keen to get me started?

Thanks for the great piece of software anyway.

audreyt commented 8 years ago

One can start with REST API endpoints that PUTs to an additional key-SHEETNAME in addition to the snapshot-SHEETNAME etc we have now, and then having future DELETE and PUT fail on the same endpoint unless passed in with the old key. Then the next step would be adding extra checks (grep for hmac in main.ls) that compares the user-passed in session key against the PUT'd key.
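The key-gated endpoints outlined in the comment above, sketched as an added example (not EtherCalc code and not from the thread). The in-memory `store`, the function names and the HTTP-style return codes are hypothetical; keeping a salted scrypt digest of the key instead of the key itself, and comparing in constant time, are choices of this example.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Hypothetical in-memory stand-in for the server's key-value store.
const store = new Map();

// Keep only a salted scrypt digest of the key, never the key itself.
function digest(key, salt) {
  return scryptSync(key, salt, 32);
}

function keyMatches(sheet, presented) {
  const rec = store.get(`key-${sheet}`);
  if (!rec) return true;                        // no key set yet: sheet is open
  if (typeof presented !== 'string') return false;
  return timingSafeEqual(digest(presented, rec.salt), rec.hash);
}

// PUT key-SHEETNAME: the first PUT sets the key, later PUTs need the old key.
function putKey(sheet, newKey, oldKey) {
  if (typeof newKey !== 'string' || newKey === '') return 400;
  if (!keyMatches(sheet, oldKey)) return 403;
  const salt = randomBytes(16);
  store.set(`key-${sheet}`, { salt, hash: digest(newKey, salt) });
  return 200;
}

// DELETE key-SHEETNAME: removes protection, only when given the current key.
function deleteKey(sheet, oldKey) {
  if (!store.has(`key-${sheet}`)) return 404;
  if (!keyMatches(sheet, oldKey)) return 403;
  store.delete(`key-${sheet}`);
  return 200;
}

// The "extra checks" step: writes to snapshot-SHEETNAME pass the same gate.
function putSnapshot(sheet, snapshot, key) {
  if (!keyMatches(sheet, key)) return 403;
  store.set(`snapshot-${sheet}`, snapshot);
  return 200;
}
```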

PhilLAL commented 7 years ago

Hi there, is there any news about this enhancement? It seems a lot of people see password protection of a calc as mandatory, moreover when they come from googlecalc.

eddyparkinson commented 7 years ago

@PhilLAL https://sandstorm.io/ has ethercalc with passwords

@ponchowang did look at adding permission management, see #416

omarbenhamid commented 5 years ago

> One can start with REST API endpoints that PUTs to an additional key-SHEETNAME in addition to the snapshot-SHEETNAME etc we have now, and then having future DELETE and PUT fail on the same endpoint unless passed in with the old key. Then the next step would be adding extra checks (grep for hmac in main.ls) that compares the user-passed in session key against the PUT'd key.

What do you think of this proposal for password protection that would offer a certain level of access restriction along with privacy: even the server would not store a "clear" version of the spreadsheet?

The idea would be, when the user defines a password for a spreadsheet, to get SocialCalc to encrypt cells before transmitting them: instead of emitting the `set A1 text t Hello` command, SocialCalc would emit something like `set A1 enctext XXXXX` where XXXX is "t Hello" encrypted with some symmetric encryption algorithm using the password. That means that if, and only if, the user at the other end types the password he can decode the value. What do you think?

There will certainly be an issue with the server side SocialCalc which cannot be updated correctly because of server not having the password ... we will need to find a way around.
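The `enctext` rewrite proposed in the comment above, as an added example (not SocialCalc code and not from the thread). The comment names no algorithm: scrypt for key derivation and AES-256-GCM are choices of this example, as is binding the cell coordinate as associated data so a ciphertext cannot be replayed into another cell; the function names are hypothetical.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } =
  require('node:crypto');

// Derive a 256-bit key from the sheet password; the salt is per sheet, not secret.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32);
}

// "set A1 text t Hello"  ->  "set A1 enctext <base64(iv | tag | ciphertext)>"
function encryptCommand(cmd, key) {
  const m = /^set (\S+) text (.*)$/s.exec(cmd);
  if (!m) return cmd;                       // other commands pass through
  const [, coord, value] = m;
  const iv = randomBytes(12);               // fresh nonce for every edit
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(coord));             // bind the ciphertext to its cell
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  const blob = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  return `set ${coord} enctext ${blob}`;
}

// Reverse of the above; throws on a wrong password or a tampered/moved cell.
function decryptCommand(cmd, key) {
  const m = /^set (\S+) enctext (\S+)$/.exec(cmd);
  if (!m) return cmd;
  const [, coord, b64] = m;
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 28) throw new Error('malformed enctext');
  const d = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(coord));
  d.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
  return `set ${coord} text ${pt.toString('utf8')}`;
}
```

The server still sees which cells change and roughly how long each value is, and, as the comment notes, it cannot recalculate formulas it cannot read.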

eddyparkinson commented 5 years ago

I did look at options for it maybe 2 years ago. Sandstorm version has passwords. But I don't think anyone is working on it, I expect it is a time/money issue.


omarbenhamid commented 5 years ago

Did not try sandstorm.io but seems to require user accounts, what I wanted is to keep the "spirit" of ethercalc : to set up is just simple password protection of a given sheet without need of user management. I cloned SocialCalc to check and it seems feasible to modify it in order to encrypt cell values with a password, people who do not have that password cannot read the content of the cells.

eddyparkinson commented 5 years ago

Use case?

Why do you want to hide a cell value? What is the use case?

> feasible to modify

yes, it is easy to hide the cell value, but a programmer could find the value if they wanted.

JS-E commented 4 years ago

I know this is kinda an old feature, but this is the only feature stopping me from using EtherCalc, really impressed with it but I'd be worried about putting financial data on it if there is a chance someone can stumble across it. Any news on this? :) Great work btw

eddyparkinson commented 4 years ago

@JS-E https://sandstorm.io/ version has passwords. It lets you share sheets. Depends what level of sharing you want (account/sheet/cell/read/write).

JS-E commented 4 years ago

@eddyparkinson Appreciate the reply, had a little look/messed about with it. Looks awesome. Getting a few issues with the wildcard url stuff but it will work nicely for my requirements :) Thanks!

ocdtrekkie commented 4 years ago

@JS-E If you have any issues with Sandstorm, feel free to open an issue on sandstorm-io/sandstorm Issues. Wildcard setup is indeed a challenge for many, but it's crucial to the security model. Depending what your scenario is, there's a few options such as Sandcats for external use or xip.io for internal use, and if you have any ideas where we can improve here, let us know!

JS-E commented 4 years ago

@ocdtrekkie Thanks for the reply, I've sent an email with my issue to contact@sandstorm.io with a bit more of a description of my issue. I'll happily send feedback on things I think could be improved once I get it up and running :)

ocdtrekkie commented 4 years ago

@JS-E Note that the email list or GitHub issues will get a response much faster than contact@.

JS-E commented 4 years ago

@ocdtrekkie Understood, but I feel this is more me doing something wrong than a bug or a fault with the system itself. Didn't want to raise an issue if it's just me being a pleb haha

ocdtrekkie commented 4 years ago

@JS-E We consider anything that isn't a technical bug to potentially be a documentation bug. ;)

contact@ usually gets checked only on weekends probably.

JS-E commented 4 years ago

@ocdtrekkie Fair point haha I'll mention it in an issue :)

ghost commented 4 years ago

Note that you could dork them as well so the random url is not a security layer so far.

ocdtrekkie commented 4 years ago

@hell It's probably a good idea if EtherCalc privacy is important to you to ensure search engines aren't crawling your server. (And I wouldn't assume ethercalc.org is an inherently secure place to store your data.)

I would characterize EtherCalc as a spreadsheet product, not a security product, and EtherCalc doesn't really have the scale of development resources such that you'd want to rely on it managing its own security. Sandstorm, Cloudron, and other self-hosting platforms often are security products, and you can hence run EtherCalc securely in them.