Re: Here we go again
>there are a few solutions, but most are fairly draconian, and even they are rarely bullet proof.
What was the error? Hiding data and mixing formatting with data.
Do not do unexpected things with data processing. If you have the data there, keep it in plain sight. If it shouldn't be in plain sight, don't just pretend it isn't there.
Keep a canonical list of templates which have no data in them and have reports populate them. If you must import the data to provide a snapshot, don't hide it, put it in a separate sheet and have your formatted report reference the data.
Of course, if MS could, you know, innovate in security, it could get the mail client to check attachments when they are added and run the "ready to publish?" checks it already has in its own products which pick up on hidden fields and so on.
Maybe they could add an "attachment" api to windows so that picking up a file will run it through checks based on the file type and system configuration. It always looks a little weird that you "open" a file when you are actually not.
But hey, people will buy Windows and Office anyway, so why bother spending any money on developing it for security?